[tor-bugs] #28737 [Core Tor/sbws]: Redesign sbws torrc option configuration
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 7 08:23:42 UTC 2018
#28737: Redesign sbws torrc option configuration
---------------------------+-----------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: sbws: 1.1.x-final
Component: Core Tor/sbws | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+-----------------------------------
Old description:
> sbws' torrc option handling is broken.
>
> Here's a better scheme:
> 1. sbws config.default.ini and config.ini contain the following sections:
> * tor.launch_options: a minimal set of options that must be configured
> when tor is launched. The minimal set contains the data directory config,
> control config, and log config. The network is disabled at launch. The
> initial options are:
> {{{
> 'DataDirectory': conf.getpath('tor', 'datadir'),
> 'PidFile': conf.getpath('tor', 'pid'),
> # Because we need things from full server descriptors (namely for
> now: the
> # bandwidth line)
> 'UseMicrodescriptors': '0',
>
> 'ControlSocket': conf.getpath('tor', 'control_socket'),
> # Easier than password authentication
> 'CookieAuthentication': '1',
>
> 'Log': [
> 'NOTICE file {}'.format(os.path.join(conf.getpath('tor', 'log'),
> 'notice.log')),
> ],
> # useful logging options for clients that don't care about anonymity
> 'SafeLogging': '0',
> 'LogTimeGranularity': '1',
> 'ProtocolWarnings': '1',
>
> 'DisableNetwork': '1',
> }}}
> * tor.runtime_options: any other tor options that can be set at
> runtime. The network is enabled at runtime. The initial options are:
> {{{
> # We will find out via the ControlPort and not setting something
> static
> # means a lower chance of conflict
> 'SocksPort': 'auto',
>
> # To avoid path bias warnings
> 'UseEntryGuards': '0',
>
> c.set_conf('__LeaveStreamsUnattached', '1')
>
> # Things needed to make circuits fail a little faster. We get the
> # circuit_timeout as a string instead of an int on purpose: stem only
> # accepts strings.
> 'LearnCircuitBuildTimeout': '0',
> 'CircuitBuildTimeout': conf['general']['circuit_timeout'],
>
> 'DisableNetwork': '0',
> }}}
> * Zero or more tor.ignore_failure_options.(group name): tor options
> that are set in groups at runtime, but ignored if they fail. #28692 and
> #28694 will add options to this list.
>
> Options in config.ini override options with the same name in
> sbws.default.ini, with + and / having the same meaning as in a torrc file
> (+ appends, / removes). Tor will make ignore failure options replace
> runtime options, and both replace launch options.
>
> 2. sbws gets its control socket from the launch_options ControlSocket
> option(s)
> 3. sbws gets its data directory, pid, log(s), and circuit build timeout
> using GETCONF
>
> 4. For backwards compatibility:
> * if tor.extra_lines is present, it should be applied at launch. sbws'
> option merging code never worked, so we can just append extra_lines to
> launch_options. This shouldn't cause any more issues than the existing
> code.
> * if these sbws options are present in an old config file, synthesise
> the corresponding torrc options. If launch_options is also present, it
> overrides the synthetic options. (sbws' option merging never worked for
> these options.)
> {{{
> 'DataDirectory': conf.getpath('tor', 'datadir'),
> 'PidFile': conf.getpath('tor', 'pid'),
> 'ControlSocket': conf.getpath('tor', 'control_socket'),
> 'Log': [
> 'NOTICE file {}'.format(os.path.join(conf.getpath('tor',
> 'log'),
> 'notice.log')),
> ],
> # Things needed to make circuits fail a little faster. We get the
> # circuit_timeout as a string instead of an int on purpose: stem
> only
> # accepts strings.
> 'CircuitBuildTimeout': conf['general']['circuit_timeout'],
> }}}
>
> The final option order is:
> * sbws merges launch_options:
> * synthetic legacy config options from config.default.ini
> * launch_options + extra_lines from config.default.ini
> * synthetic legacy config options from config.ini
> * launch_options + extra_lines from config.ini
> * sbws merges runtime_options from:
> * config.default.ini
> * config.ini
> * sbws merges each group of ignore_failure_options from:
> * config.default.ini
> * config.ini
>
> sbws launches tor with launch_options, then applies runtime_options, then
> applies each group of ignore_failure_options.
>
> This is a new feature, so it should go in sbws 1.1.
New description:
sbws' torrc option handling is broken.
Here's a better scheme:
1. sbws config.default.ini and config.ini contain the following sections:
* tor.options.launch: a minimal set of options that must be configured
when tor is launched. The minimal set contains the data directory config,
control config, and log config. The network is disabled at launch. The
initial options are:
{{{
'DataDirectory': conf.getpath('tor', 'datadir'),
'PidFile': conf.getpath('tor', 'pid'),
# Because we need things from full server descriptors (namely for now:
the
# bandwidth line)
'UseMicrodescriptors': '0',
'ControlSocket': conf.getpath('tor', 'control_socket'),
# Easier than password authentication
'CookieAuthentication': '1',
'Log': [
'NOTICE file {}'.format(os.path.join(conf.getpath('tor', 'log'),
'notice.log')),
],
# useful logging options for clients that don't care about anonymity
'SafeLogging': '0',
'LogTimeGranularity': '1',
'ProtocolWarnings': '1',
'DisableNetwork': '1',
}}}
* tor.options.runtime.(group_name): Zero or more groups of tor options
that can be set at runtime. The network is enabled at runtime. The
"50-default" group of options is:
{{{
# We will find out via the ControlPort and not setting something
static
# means a lower chance of conflict
'SocksPort': 'auto',
# To avoid path bias warnings
'UseEntryGuards': '0',
c.set_conf('__LeaveStreamsUnattached', '1')
# Things needed to make circuits fail a little faster. We get the
# circuit_timeout as a string instead of an int on purpose: stem only
# accepts strings.
'LearnCircuitBuildTimeout': '0',
'CircuitBuildTimeout': conf['general']['circuit_timeout'],
'DisableNetwork': '0',
}}}
* Zero or more tor.runtime.ignore_failure.(group name): tor options that
are set in groups at runtime, but ignored if they fail. #28692 and #28694
will add options to this list.
Options in config.ini override options with the same name in
sbws.default.ini, with + and / having the same meaning as in a torrc file
(+ appends, / removes). Launch options are applied first, then runtime
options are applied in group name order. Tor will make later runtime
options replace earlier runtime options, and launch options.
2. sbws gets its control socket from the launch_options ControlSocket
option(s)
3. sbws gets its data directory, pid, log(s), and circuit build timeout
using GETCONF
4. For backwards compatibility:
* if tor.extra_lines is present, it should be appended to
tor.options.launch. sbws' option merging code never worked, so appending
shouldn't cause any more issues than the existing code.
* if any of these sbws options are present in an old config file,
synthesise options.launch from the sbws options. If options.launch is also
present in the same config file, it overrides the synthetic options.
(sbws' option merging never worked for these options.)
{{{
'DataDirectory': conf.getpath('tor', 'datadir'),
'PidFile': conf.getpath('tor', 'pid'),
'ControlSocket': conf.getpath('tor', 'control_socket'),
'Log': [
'NOTICE file {}'.format(os.path.join(conf.getpath('tor',
'log'),
'notice.log')),
],
# Things needed to make circuits fail a little faster. We get the
# circuit_timeout as a string instead of an int on purpose: stem
only
# accepts strings.
'CircuitBuildTimeout': conf['general']['circuit_timeout'],
}}}
The final option order is:
* sbws creates options.launch, using the last option from:
* synthetic legacy config options from config.default.ini
* options.launch from config.default.ini
* synthetic legacy config options from config.ini
* options.launch from config.ini
* sbws appends extra_lines to options.launch, using the last extra_lines
from:
* config.default.ini
* config.ini
* sbws creates options.runtime groups, using the last one of each group
from:
* config.default.ini
* config.ini
sbws launches tor with options.launch, then applies each group of
options.runtime in order.
This is a new feature, so it should go in sbws 1.1.
--
Comment (by teor):
Tweak the spec.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28737#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list