[tor-bugs] #26136 [Core Tor/Tor]: DirPort reachability test inconsistency when only "DirPort x.x.x.x:x NoAdvertise" configured (was: DirPort reachabality test incorrectly tried when only "DirPort x.x.x.x:x NoAdvertise" configured)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat May 19 22:37:34 UTC 2018


#26136: DirPort reachability test inconsistency when only "DirPort x.x.x.x:x
NoAdvertise" configured
----------------------------------------------+----------------------------
 Reporter:  starlight                         |          Owner:  (none)
     Type:  defect                            |         Status:
                                              |  needs_information
 Priority:  Medium                            |      Milestone:  Tor:
                                              |  0.3.4.x-final
Component:  Core Tor/Tor                      |        Version:  Tor:
                                              |  0.3.4.1-alpha
 Severity:  Normal                            |     Resolution:
 Keywords:  regression-maybe, 034-must-maybe  |  Actual Points:
Parent ID:                                    |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+----------------------------
Changes (by teor):

 * keywords:   => regression-maybe, 034-must-maybe
 * status:  new => needs_information
 * milestone:   => Tor: 0.3.4.x-final


Old description:

> If relay starts with only NoAdvertise DirPorts configured, bootstrapping
> fails:
>
> {{{
> Tor 0.3.4.1-alpha (git-deb8970a29ef7427) running on Linux with Libevent
> x.x.x, OpenSSL x.x.x, Zlib x.x.x, Liblzma x.x.x, and Libzstd x.x.x.
> .
> .
> .
> Opening Control listener on x.x.x.y:r
> Opening OR listener on x.x.x.x:o
> Opening Directory listener on x.x.x.y:d
> .
> .
> .
> Bootstrapped 80%: Connecting to the Tor network
> Bootstrapped 85%: Finishing handshake with first hop
> Bootstrapped 90%: Establishing a Tor circuit
> Tor has successfully opened a circuit. Looks like client functionality is
> working.
> Bootstrapped 100%: Done
> Now checking whether ORPort x.x.x.x:o is reachable... (this may take up
> to 20 minutes -- look for log messages indicating success)
> Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
> known. Closing.
> Self-testing indicates your ORPort is reachable from the outside.
> Excellent.
> Performing bandwidth self-test...done.
> Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
> known. Closing.
> Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
> known. Closing.
> Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
> known. Closing.
> Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
> known. Closing.
> Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
> known. Closing.
> Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
> known. Closing.
> Your server (x.x.x.x:0) has not managed to confirm that its DirPort is
> reachable. Relays do not publish descriptors until their ORPort and
> DirPort are reachable. Please check your firewalls, ports, address,
> /etc/hosts file, etc.
> }}}
>
> {{{
> ORPort x.x.x.x:o
> DirPort x.x.x.y:d NoAdvertise
> ControlPort x.x.x.y:r
> }}}

New description:

 If relay starts with only NoAdvertise DirPorts configured, ~~bootstrapping
 fails~~ the relay's descriptor is never published:

 {{{
 Tor 0.3.4.1-alpha (git-deb8970a29ef7427) running on Linux with Libevent
 x.x.x, OpenSSL x.x.x, Zlib x.x.x, Liblzma x.x.x, and Libzstd x.x.x.
 .
 .
 .
 Opening Control listener on x.x.x.y:r
 Opening OR listener on x.x.x.x:o
 Opening Directory listener on x.x.x.y:d
 .
 .
 .
 Bootstrapped 80%: Connecting to the Tor network
 Bootstrapped 85%: Finishing handshake with first hop
 Bootstrapped 90%: Establishing a Tor circuit
 Tor has successfully opened a circuit. Looks like client functionality is
 working.
 Bootstrapped 100%: Done
 Now checking whether ORPort x.x.x.x:o is reachable... (this may take up to
 20 minutes -- look for log messages indicating success)
 Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
 known. Closing.
 Self-testing indicates your ORPort is reachable from the outside.
 Excellent.
 Performing bandwidth self-test...done.
 Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
 known. Closing.
 Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
 known. Closing.
 Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
 known. Closing.
 Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
 known. Closing.
 Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
 known. Closing.
 Requested exit point '$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' is not
 known. Closing.
 Your server (x.x.x.x:0) has not managed to confirm that its DirPort is
 reachable. Relays do not publish descriptors until their ORPort and
 DirPort are reachable. Please check your firewalls, ports, address,
 /etc/hosts file, etc.
 }}}

 {{{
 ORPort x.x.x.x:o
 DirPort x.x.x.y:d NoAdvertise
 ControlPort x.x.x.y:r
 }}}

--

Comment:

 You removed the log line where the relay guesses its own IPv4 address.
 Since self-testing to the ORPort was successful, I'm going to assume that
 it guessed x.x.x.x. You might want to set "Address x.x.x.x" if x.x.x.y is
 also a public IP address. (I'm guessing it's not, because you have a
 control port on it.)

 It looks like Tor isn't launching the DirPort self-test, but it is waiting
 for the DirPort self-test to be successful before it publishes. Oops!

 Does this config work with Tor 0.3.3?
 Does it work with Tor 0.2.9?
 (If it does, we must fix this regression before 0.3.4 stable. If it has
 been a bug for a long time, maybe it can wait.)

 I would normally ask "Does this config work if you don't set NoAdvertise
 on the DirPort?"
 But the config probably won't work, because the relay will either guess
 x.x.x.x or x.x.x.y as its address, so one of the ORPort or DirPort checks
 will fail.

 Does this config work if you set "DirPort x.x.x.x:d"?
 Does this config fail if you set "DirPort x.x.x.x:d NoAdvertise"?

 Does this config work if you don't set a DirPort?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26136#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list