[tor-dev] onionoo: bug in family set detection?

teor teor2345 at gmail.com
Tue Jun 2 15:44:42 UTC 2015

> Date: Mon, 01 Jun 2015 19:20:32 +0000
> From: nusenu <nusenu at openmailbox.org>
> Hi,
> by comparing different methodologies of "parsing" myfamily data I
> stumbled upon differences between onionoo and compass.
> After manual review I assume there is a bug in onionoo (or onionoo has
> a different opinion on what families actually are)
> Example:
> According to onionoo, torpidsDEevanzo [1] is part of a family with 38
> members.
> It lists torpidsFRonline [2] as one of its members, that implies that
> torpidsFRonline lists torpidsDEevanzo as one of its members as well,
> but torpidsDEevanzo does _not_ list torpidsFRonline (according to
> onionoo data).
> grep 'fingerprint":"0C77421C890D16B6D201283A2' details.json|grep
> 5510FC1736B16D46D3F2DDA5011995C478D42594
> (no result)
> Is this a bug?
> thanks
> [1]
> https://atlas.torproject.org/#details/5510FC1736B16D46D3F2DDA5011995C478D42594
> [2]
> https://atlas.torproject.org/#details/0C77421C890D16B6D201283A2244F43DF5BC89DD

No, it's a feature :-)

MyFamily requires bidirectional declarations to be effective. This prevents a malicious relay nominating significant portions of the Tor network as its family, in order to direct traffic to another malicious relay. (And/or slowing down the network and attempting to cause a DoS.)

In this case:

torpids relays have inconsistent MyFamily configurations.
OnionOO appears to correctly implement the bidirectional MyFamily logic, and remove inconsistent one-way MyFamily declarations.
Compass appears to believe each relay's MyFamily claims, without checking the other relay. This appears to be a fairly harmless bug in Compass, as Compass itself is not used for path selection.


teor2345 at gmail dot com
pgp 0xABFED1AC

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150603/5c568476/attachment.sig>

More information about the tor-dev mailing list