[tor-dev] Dirauth setting for PathsNeededToBuildCircuits

teor teor2345 at gmail.com
Fri Sep 9 01:42:44 UTC 2016

> On 9 Sep 2016, at 09:35, Jesse V <kernelcorn at riseup.net> wrote:
> Tor clients can only build circuits once they know enough about the
> network. This "know enough" threshold is determined by the
> PathsNeededToBuildCircuits setting. From reading Tor's manual, it seems
> that a setting of X tells Tor clients to wait until they have enough
> descriptors/microdescriptors such that they have X percentage of
> consensus weight. By default PathsNeededToBuildCircuits is determined by
> the directory authorities.

No, that's not quite right:
Tor waits until it has that fraction of *paths*, not that fraction of [micro]descriptors.

So, in an ordinary Tor network, when a client has descriptors containing half the total consensus weight, this is:
0.5 guards * 0.5 middles * 0.5 exits = 0.125 of paths

See compute_frac_paths_available:

There's a slightly different calculation used in recent Tor versions with small networks with no Exits, which are typically hidden-service only test networks.
The example above would be:
0.5 guards * 0.5 middles * no exits in consensus (1.0) = 0.25 of paths


> I'm curious, how is PathsNeededToBuildCircuits set? I don't see that
> value in the microdescriptor documents, it doesn't seem to be documented
> in tor-spec, and I don't see much about it online, but maybe I missed
> something. What is the typical value?

min_paths_for_circs_pct is not set in the consensus:

So the default is used:
Unless the client specifies a value for PathsNeededToBuildCircuits.

See get_frac_paths_needed_for_circs for details:

Thanks for reporting this, I've updated the PathsNeededToBuildCircuits tor manual page entry:

> I see that 0.95 is the cutoff, but
> how high will prevent a client from bootstrapping?

It really depends on how many descriptors the client can retrieve, which depends on how many directory servers it can access, and how many descriptors they have retrieved. Almost all directory mirrors should have 100% of the descriptors in recent consensuses. So it really depends on how well the client can retrieve them - on its network connectivity and speed.

0.95 is fine in the current network with a decent client connection:
tor DataDirectory `mktemp -d` PathsNeededToBuildCircuits 0.95

So I disabled the PathsNeededToBuildCircuits maximum and rebuilt master:

src/or/tor DataDirectory `mktemp -d` PathsNeededToBuildCircuits 1.0
At this level, Tor failed to bootstrap once, but seems to succeed most times.
But it takes about twice as long to load relay descriptors (10s vs 20s).


> --
> Jesse V
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160909/ac202611/attachment.sig>

More information about the tor-dev mailing list