ExcludeNodes doesn't work right

Robert Hogan robert at roberthogan.net
Fri May 1 22:26:11 UTC 2009 

On Thursday 30 April 2009 08:15:02 Scott Bennett wrote:
>      About a day ago, I added a list of obsolete nodes, mostly running
> 0.1.*.* releases, to my ExcludeNodes list in torrc.  One of those was
> TSL.  I still see TSL being chosen for routes for circuits.  I've
> noticed such apparent violations and commented upon them previously
> here.
>      What I don't yet know is whether I might be misunderstanding what
> ExcludeNodes is supposed to do, based upon my understanding of the tor
> man page, which says,
>
> ExcludeNodes node,node,...
>        A  list  of  identity fingerprints, nicknames, country codes and
>        address patterns of nodes to never use when building a  circuit.
>        (Example:  ExcludeNodes SlowServer, $ABCDEFFFFFFFFFFFFFFF, {cc},
>        255.254.0.0/8)
>
> It seems to me that as soon as I send tor a SIGHUP after adding a node
> to ExcludeNodes in torrc, tor ought to begin excluding it from future
> path selections and ought also to remove it from its list of chosen
> entry guards if it is in that list.  If my understanding of what
> ExcludeNodes is supposed to do is incorrect, I'd very much appreciate
> someone letting me know and also some advice as to how to accomplish
> real, immediate exclusion of the node from any new circuits established
> by the client side of tor.

ExcludeNodes isn't respected by tor when building circuits for 'internal' 
use, e.g. directory updates. If you can confirm that the nodes are being 
chosen for circuits that are for the user's use then that would indicate a 
problem.

I think the best way of tracking it would be to do:

telnet localhost 9051
authenticate
setevents extended circ stream
set excludenodes={your exclude nodes}

then watch/log the output. if you see 'purpose=general' against a stream on 
a circuit containing an excluded route created after you set the 
excludenodes then there may be a problem worth investigating. You could 
post the suspect output here.




>      Thanks for any information on this matter.
>
>
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090501/2ff91f78/attachment.pgp>

More information about the tor-talk mailing list