[tor-bugs] #33029 [Core Tor/Tor]: dir-auth: Never send a 503 directory request code to another directory authority

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 22 21:07:43 UTC 2020 

#33029: dir-auth: Never send a 503 directory request code to another directory
authority
--------------------------+------------------------------------
 Reporter:  dgoulet       |          Owner:  dgoulet
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-dirauth   |  Actual Points:
Parent ID:  #33018        |         Points:  0.4
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by arma):

 Looks good! A small issue:

 * "is the one of a configured directory" -> "is a configured directory"

 and a bigger issue:

 * "so it might get a 503 code and thus fail the upload of its brand new
 descriptor" -- I don't think you can get a 503 in response to a post
 attempt. That is, we only check global_write_bucket_low() in five cases:
   * handle_get_current_consensus(), in response to a vanilla or microdesc
 consensus request
   * handle_get_status_vote(), for when somebody is asking for our current
 or most recent vote [that one's fun because only dir auths serve votes,
 and previously dir auths would never decide to reply with a 503]
   * handle_get_microdesc(), when somebody is asking for individual
 microdescs
   * handle_get_descriptor(), same as above but for vanilla descriptors
   * handle_get_keys(), when somebody is asking for authority certificates

   So the "To clarify further the situation:" paragraph in the commit
 comment needs to change. I think the problematic scenario is that relays
 try to fetch new consensus and descriptor documents from authorities,
 because directory_fetches_from_authorities(), but the authorities give
 them a 503 and then they don't have a proper cached version to give out
 when clients come asking, and then clients don't get their network view
 and it all falls apart.

   That's why this patch here should be ok for one or two authorities to
 run, but not more, until we also do the "whitelist relays" piece of it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33029#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list