[tor-relays] Exits lost their function

Roger Dingledine arma at mit.edu
Sun Feb 11 03:12:18 UTC 2018


On Sat, Feb 10, 2018 at 11:37:00PM +0000, nusenu wrote:
> | 0.3.1.9           | Bifroest   |
> | 0.3.2.9           | bastet     | bridge dirauth

Careful, it's Bifroest that's the bridge auth. bastet is just a normal
v3 auth.

> I'm curious:
> Why did this change come into effect after only 3/9 having the change
> deployed? Are only a subset of dir auths responsible for voting about the exit flag?

From
https://collector.torproject.org/archive/relay-descriptors/votes/votes-2018-01.tar.xz
it looks like on 2018-01-20-12-00-00, mandela had the following status
flag votes:

dannenberg: s Fast Guard Stable V2Dir Valid
tor26: s Fast Guard HSDir Running Stable V2Dir Valid
longclaw: s Exit Fast HSDir Running Stable V2Dir Valid
bastet: s Fast HSDir Running Stable V2Dir Valid
maatuska: s Exit Fast HSDir Running Stable V2Dir Valid
moria1: s Fast Guard Running Stable V2Dir Valid
dizum: s Exit Fast Guard HSDir Running Stable V2Dir Valid
gabelmoo: s Fast Guard HSDir Running Stable V2Dir Valid
Faravahar: s Exit Fast HSDir Running Stable V2Dir Valid

So 4 of 9 votes for the Exit flag, and that's not enough.

In this case, 4 of the 9 were running a new enough version to withhold
the Exit flag, and dannenberg was the surprise fifth that withheld it.

In fact, dannenberg withheld the Exit flag from *every* relay in its vote,
that hour!

dannenberg gave out Exit flags from 00 to 10 on the 20th, but not at 11am,
or anytime else that day, until noon on the 21st when it resumed.

And when it resumed at noon on the 21st, it was running 0.3.2.9 (and so
even though it was voting Exit for many relays, it was no longer voting
Exit for mandela).

My first guess for the culprit would be bug 24137, which went into
0.3.3.1-alpha so only moria1 will have the fix. That bug basically
made dir auths not vote Exit when the relay's bandwidth is too low.
But that bug doesn't fit this situation perfectly.

I wonder if dannenberg dabbled in using the output of a bandwidth
authority (bwauth) during that time -- if so, then bug 24137 would be
a good match.

It's a good mystery. :) Maybe we can find more recent situations where
directory authorities completely left out the Exit flags from their votes?

--Roger



More information about the tor-relays mailing list