[tor-bugs] #24932 [Metrics/Onionoo]: Onionoo should stop parsing untrusted descriptors

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 18 13:35:39 UTC 2018


#24932: Onionoo should stop parsing untrusted descriptors
-----------------------------+------------------------------
 Reporter:  teor             |          Owner:  metrics-team
     Type:  defect           |         Status:  new
 Priority:  Low              |      Milestone:
Component:  Metrics/Onionoo  |        Version:
 Severity:  Minor            |     Resolution:
 Keywords:                   |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:
-----------------------------+------------------------------

Comment (by karsten):

 Indeed, this is worth considering.

 Right now, we're parsing all descriptors and only keeping the one with
 highest publication time. And we're telling users in the specification
 when a piece of information comes from the latest known server descriptor
 vs. from a more authoritative source.

 However, here's why this might be a bit trickier to implement than it
 seems: we're processing server descriptors and consensuses in separate
 streams, and we're not making any assumption on the order in which we
 process them. Right now we can immediately discard a server descriptor if
 we already processed a new server descriptor before. But if we want to
 keep the server descriptor that is last referenced from a consensus, we
 might end up keeping many, many server descriptors. Some relays are really
 busy publishing new descriptors, possibly due to bugs, so this is some
 data that we'd have to store. We might apply some heuristics when we can
 safely discard a server descriptor. But this is a bit messy.

 If this is actually simpler than I'm thinking right now, let's collect
 ideas on this ticket. Otherwise, it's indeed a low-priority ticket that we
 should work on after closing all the higher-priority tickets.

 Thanks for opening this ticket!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24932#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list