[tor-dev] Why do DirAuths take that long to update a relay's version information?

nusenu nusenu-lists at riseup.net
Wed Jan 10 13:43:00 UTC 2018


the goal of this email is to avoid a false positive warning for relay operators
on atlas but the root cause might be in core tor.

I really liked when irl added the big red warning to atlas when a tor relay
runs an outdated (aka not running a "recommended") tor version
because it actually triggered operators to upgrade, an important step toward a more healthy network.
The problem is: This big red banner on atlas has false-positives which confuses operators [0].

Originally this has been an onionoo bug which
has been fixed in v1.8.0, but it happens again and Karsten had the feeling
that tor dir auths do not update  the version information of a relay after it
upgraded (and uploaded a new descriptor). I looked into one example and can confirm what Karsten suggested [1].

Let me show you that example of FP 1283EBDEEC2B9D745F1E7FBE83407655B984FD66.
Data has been provided by Karsten and is available here: [2].

That relay was running and upgraded to and uploaded his first 
descriptor with on:

2018-01-09 10:14:00,server,,

except for bastet dir auths did not care and still said this relay runs

2018-01-09 11:00:00,consensus,,
2018-01-09 11:00:00,vote,bastet,  <<<< note 
2018-01-09 11:00:00,vote,dannenberg,
2018-01-09 11:00:00,vote,dizum,
2018-01-09 11:00:00,vote,Faravahar,
2018-01-09 11:00:00,vote,gabelmoo,
2018-01-09 11:00:00,vote,longclaw,
2018-01-09 11:00:00,vote,maatuska,
2018-01-09 11:00:00,vote,moria1,
2018-01-09 11:00:00,vote,tor26,
2018-01-09 12:00:00,consensus,,
2018-01-09 12:00:00,vote,bastet, <<<<<<
2018-01-09 12:00:00,vote,dannenberg,
2018-01-09 12:00:00,vote,dizum,
2018-01-09 12:00:00,vote,Faravahar,
2018-01-09 12:00:00,vote,gabelmoo,
2018-01-09 12:00:00,vote,longclaw,
2018-01-09 12:00:00,vote,maatuska,
2018-01-09 12:00:00,vote,moria1,
2018-01-09 12:00:00,vote,tor26,

even 6 hours later this is unchanged.

Then the operator upgraded from to
and uploaded his first descriptor:

2018-01-09 16:39:01,server,,

this remained "unnoticed" by all dir auths until
longclaw voted for the new version:

2018-01-09 23:00:00,consensus,,
2018-01-09 23:00:00,vote,bastet,
2018-01-09 23:00:00,vote,dannenberg,
2018-01-09 23:00:00,vote,dizum,
2018-01-09 23:00:00,vote,Faravahar,
2018-01-09 23:00:00,vote,gabelmoo,
2018-01-09 23:00:00,vote,longclaw, <<<<<
2018-01-09 23:00:00,vote,maatuska,
2018-01-09 23:00:00,vote,moria1,
2018-01-09 23:00:00,vote,tor26, 

On 2018-01-10 02:38:07 the relay uploaded a second descriptor with
v0.3.1.9 and almost all dir auths agreed immediately:

2018-01-10 02:38:07,server,,
2018-01-10 03:00:00,consensus,,
2018-01-10 03:00:00,vote,bastet,
2018-01-10 03:00:00,vote,dannenberg,
2018-01-10 03:00:00,vote,dizum,
2018-01-10 03:00:00,vote,Faravahar,
2018-01-10 03:00:00,vote,gabelmoo,
2018-01-10 03:00:00,vote,longclaw,
2018-01-10 03:00:00,vote,maatuska,
2018-01-10 03:00:00,vote,moria1,
2018-01-10 03:00:00,vote,tor26,

So it took the operator 17 hours to convince enough 
dir auths that he upgraded.
I can see multiple reasons why this can make sense (as the tor version
is actually not that relevant consensus data) but maybe it was
not clear what the side effects of not updating that field are.

While I believe there is still another onionoo issue,
this should also be improved.


[0] http://lists.nycbug.org/pipermail/tor-bsd/2018-January/000620.html
[1] https://trac.torproject.org/projects/tor/ticket/22488#comment:11
[2] https://trac.torproject.org/projects/tor/attachment/ticket/22488/task-22488-relay-versions.csv.gz

twitter: @nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20180110/1399aa11/attachment.sig>

More information about the tor-dev mailing list