The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
Updated: 2022-02-03T22:06:15Z

Add new training slides to the community portal
https://gitlab.torproject.org/tpo/web/community/-/issues/222
Updated: 2022-02-03T22:06:15Z
Author: emmapeel

We should add the new training slides to the community portal, so they can be translated.
- [ ] Review slides to make a decision on orientation.

Milestone: Sponsor 9 - Phase 5 - Usability and Community Intervention on Support for Democracy and Human Rights
Assignee: Gus

Relay guard instructions must be consistent
https://gitlab.torproject.org/tpo/web/community/-/issues/102
Updated: 2022-02-04T01:14:07Z
Author: Gus

- [ ] torrc example must be (almost) the same configuration
- [ ] Must include how to keep your relay updated
- [ ] Step by step instructions should use the same words

Sunset metrics-team mailing list
https://gitlab.torproject.org/tpo/network-health/team/-/issues/99
Updated: 2022-02-04T20:44:28Z
Author: Georg Koppen

We moved the former metrics team into the network-health one and decided that we can therefore sunset the metrics-team mailing list.
This is the parent ticket for discussing the detailed plan and keeping track of the progress of the related child tasks.
- [x] Give 2 weeks notice to subscribers of metrics-team@ mailing list about what is going to happen.
- [x] [Move all subscribers of metrics-team@ to network-health mailing list.](tpo/tpa/team#40388)
- [x] tpo/network-health/metrics/collector#40015
- [x] tpo/network-health/metrics/onionoo#40019
- [x] tpo/network-health/metrics/cloud#40004
- [x] tpo/network-health/metrics/library#40011
- [x] Go over code/docs linking to the metrics list, too (e.g. https://metrics.torproject.org/about.html#contact has a reference)
/cc @hiro

Assignee: Georg Koppen

Make the chutney README less scary
https://gitlab.torproject.org/tpo/core/chutney/-/issues/22376
Updated: 2022-02-07T19:26:22Z
Author: teor

Chutney works decently well now.
We should edit the README intro to reflect that.

Use test-network.sh for the examples in Chutney's README
https://gitlab.torproject.org/tpo/core/chutney/-/issues/30720
Updated: 2022-02-07T19:30:52Z
Author: teor

Chutney's README is confusing, because we provide examples that assume you have already started a chutney network.
Instead, we should provide test-network.sh command lines.

Chutney could use a HOWTO for writing new test cases, network tests, etc
https://gitlab.torproject.org/tpo/core/chutney/-/issues/17282
Updated: 2022-02-07T19:32:12Z
Author: Nick Mathewson

Due April 2016

Document the hardlimit of HiddenServiceAuthorizeClient basic
https://gitlab.torproject.org/tpo/core/tor/-/issues/14854
Updated: 2022-02-07T19:38:03Z
Author: cypherpunks

I ran some tests on HiddenServiceAuthorizeClient basic auth-type and found that it stopped working when I created 49 or more clients.
I started with 10 clients and kept adding 10 more at a time. When I had 39 clients, the hidden service worked, but when I added 10 more, the hostname and client_keys were generated as expected, but hidden service stopped working for all of the clients.
```
HiddenServiceDir /var/lib/tor/test_public/ # tlxnxx74fpmkw2qh.onion
HiddenServicePort 80 127.0.0.1:80
HiddenServiceAuthorizeClient basic \
tlx_cl01, \
tlx_cl02, \
tlx_cl03, \
...
tlx_cl47, \
tlx_cl48, \
tlx_cl49
```
According to the man page and the specs, the stealth mode doesn't work for more than 16 clients, but implied that the basic mode should work.

ServerDNSAllowNonRFC953Hostnames affects clients, and AllowNonRFC953Hostnames affects servers
https://gitlab.torproject.org/tpo/core/tor/-/issues/19853
Updated: 2022-02-07T19:38:32Z
Author: teor

It looks like the code and man page entry for ServerDNSAllowNonRFC953Hostnames was copied straight from AllowNonRFC953Hostnames, which is the equivalent client option.
I think this is ok as-is, because even though both options affect both client and server, tor instances typically only run as clients or servers, not both.
However, the manual page entries could be updated to clarify that the options are synonyms, and affect both clients and exits.

Gracefully handle build configurations on systems without AsciiDoc
https://gitlab.torproject.org/tpo/core/tor/-/issues/20986
Updated: 2022-02-07T19:38:32Z
Author: cypherpunks

On systems without AsciiDoc the build configuration aborts telling users to pass `--disable-asciidoc`. This requires users to restart the build configuration which is annoying.
Instead the build configuration should handle these cases gracefully and show a message without aborting the configuration. In these cases I would also show a less verbose message and change it to something similar to systems without Python, see https://gitweb.torproject.org/tor.git/tree/configure.ac?id=4098bfa26073551fe3f525ada7fc9079a49fd4bb#n218.

Document SOCKSPolicy better
https://gitlab.torproject.org/tpo/core/tor/-/issues/28597
Updated: 2022-02-07T19:38:32Z
Author: teor

We can improve the documentation for SOCKSPolicy:
* the default policy is accept all
* mention SOCKSPolicy in SOCKSPort and DNSPort

Document the max number of v3 client auths I can make
https://gitlab.torproject.org/tpo/core/tor/-/issues/29134
Updated: 2022-02-07T19:38:32Z
Author: pastly

I'm testing out v3 onion service client auth. I couldn't find a documented maximum number of clients I can authorize for a single onion service, so I tried a really big number (400).
Full log here: https://paste.debian.net/1061430/ and first bit here:
```
matt@spacecow:~/src/tor$ ./src/app/tor -f torrc-server
Jan 19 13:34:11.635 [notice] Tor 0.3.5.7 (git-9beb085c10562a25) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0j, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.
Jan 19 13:34:11.635 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 19 13:34:11.635 [notice] Read configuration file "/home/matt/src/tor/torrc-server".
Jan 19 13:34:11.640 [warn] Path for DataDirectory (data-server) is relative and will resolve to /home/matt/src/tor/data-server. Is this what you wanted?
Jan 19 13:34:11.640 [warn] Path for PidFile (data-server/tor.pid) is relative and will resolve to /home/matt/src/tor/data-server/tor.pid. Is this what you wanted?
Jan 19 13:34:11.640 [warn] Path for HiddenServiceDir (data-server/onion_service) is relative and will resolve to /home/matt/src/tor/data-server/onion_service. Is this what you wanted?
Jan 19 13:34:11.641 [warn] Your log may contain sensitive information - you disabled SafeLogging. Don't log unless it serves an important reason. Overwrite the log afterwards.
Jan 19 13:34:11.666 [notice] Bootstrapped 0%: Starting
Jan 19 13:34:11.948 [notice] Starting with guard context "default"
Jan 19 13:34:12.666 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jan 19 13:34:12.666 [notice] Bootstrapped 80%: Connecting to the Tor network
Jan 19 13:34:12.722 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 19 13:34:13.048 [notice] Bootstrapped 100%: Done
Jan 19 13:34:14.676 [warn] We just made an HS descriptor that's too big (54736).Failing.
Jan 19 13:34:14.676 [warn] tor_bug_occurred_(): Bug: src/feature/hs/hs_service.c:2828: upload_descriptor_to_hsdir: Non-fatal assertion !(service_encode_descriptor(service, desc, &desc->signing_kp, &encoded_desc) < 0) failed. (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: Non-fatal assertion !(service_encode_descriptor(service, desc, &desc->signing_kp, &encoded_desc) < 0) failed in upload_descriptor_to_hsdir at src/feature/hs/hs_service.c:2828. Stack trace: (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(log_backtrace_impl+0x47) [0x564e05c29297] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_bug_occurred_+0xc0) [0x564e05c24930] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(hs_service_run_scheduled_events+0x1d6a) [0x564e05b4c5ca] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(+0x65e71) [0x564e05aa7e71] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(+0x697e1) [0x564e05aab7e1] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5(event_base_loop+0x6a0) [0x7f19b89755a0] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(do_main_loop+0x9d) [0x564e05aab21d] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_run_main+0x1215) [0x564e05a990a5] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_main+0x3a) [0x564e05a962ca] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(main+0x19) [0x564e05a95e49] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f19b7ac12e1] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(_start+0x2a) [0x564e05a95e9a] (on Tor 0.3.5.7 9beb085c10562a25)
```
I didn't expect to be allowed an unlimited number of client authorizations, but I do expect Tor to handle too many more gracefully.
```
matt@spacecow:~/src/tor$ cat torrc-server
DataDirectory data-server
Log notice file data-server/notice.log
Log notice stdout
PidFile data-server/tor.pid
SocksPort 0
SafeLogging 0
LogTimeGranularity 1
HiddenServiceDir data-server/onion_service
HiddenServicePort 80 11223
```
```
matt@spacecow:~/src/tor$ cat torrc-client
DataDirectory data-client
Log notice file data-client/notice.log
Log notice stdout
PidFile data-client/tor.pid
SocksPort auto
SafeLogging 0
LogTimeGranularity 1
ClientOnionAuthDir data-client/v3onionauth
```
I wrote a script to generate a ton of .auth and .auth_private files.
1. Start the server's tor with DisableNetwork set, wait for it to bootstrap, then stop it. Grab the hostname of the onion service
2. Use this script (https://paste.debian.net/1061432/) to generate a bunch of .auth and .auth_private files. For example:
```
matt@spacecow:~/src/python-snippits/src ./x25519-gen.py \
> ck7vkjy5dfk4dh564wnhqrdhmeh4qrnnkmo5tdwu4n7wickkhbzrb7yd \
> 400 \
> ~/src/tor/data-server/onion_service/authorized_clients/ \
> ~/src/tor/data-client/v3onionauth/
```
3. Then remove DisableNetwork and start the server. It produces the above buggy logs

Image broken in 'src-ref' documentation
https://gitlab.torproject.org/tpo/core/tor/-/issues/32691
Updated: 2022-02-07T19:38:32Z
Author: opara

For example if you visit https://src-ref.docs.torproject.org/tor/dataflow.html, the "structure hierarchy for connection types" image is missing (the img tag has a 404). There are possibly other missing images as well, but I can't find the markdown files to check (there were the original versions, then they were moved to the tor git repo and edited iirc, but now they're gone).
There's also another image missing on the same page, but has no <img> tag (compare the top of the https://people.torproject.org/~nickm/tor-auto/internal/02-dataflow.html and https://src-ref.docs.torproject.org/tor/dataflow.html pages). But it may have been removed on purpose.

excludeexitnodes by ip misleading when exit relay uses outboundbindaddress
https://gitlab.torproject.org/tpo/core/tor/-/issues/3145
Updated: 2022-02-07T19:41:18Z
Author: Roger Dingledine

In legacy/trac#3143 we have a user who tried to set ExcludeExitNodes with an IP address based on the address of his Tor traffic. It didn't work, because the exit relay in question exits from a different IP address than it advertises in its descriptor.
My first answer was "well, you should be excluding exit nodes by fingerprint". But that isn't a very satisfactory answer.
We could have the descriptors (and microdescriptors, ugh) or the consensus mention alternate IPs for this purpose.
It was easy for me to look up because moria1's cached-descriptor file says
```
@uploaded-at 2011-05-09 17:38:43
@source "66.249.9.107"
router ecksnet 66.249.9.183 80 0 0
```
but that isn't going to be so easy for others.
There's also the tor bulk exit lists:
https://metrics.torproject.org/data.html#exitlist
which have this clause for the relay in question:
```
ExitNode 07E9456ED300CABCE2549119FE5B3CC27DA55585
Published 2011-05-10 11:39:28
LastStatus 2011-05-11 06:04:20
ExitAddress 66.249.9.107 2011-05-10 12:33:34
```
but that's not exactly easier for users to know about or use either.

Create new question - When I start Tor Browser I get an error message: "Cannot load XPCOM"
https://gitlab.torproject.org/tpo/web/support/-/issues/57
Updated: 2022-02-08T14:49:33Z
Author: Gus

https://2019.www.torproject.org/docs/faq.html.en#XPCOMError

Update Windows guide to include Windows Firewall
https://gitlab.torproject.org/tpo/web/community/-/issues/253
Updated: 2022-02-15T19:29:19Z
Author: emmapeel

[As reported by lokodlare in our forum](https://forum.torproject.net/t/high-speed-relays-on-windows-not-great-not-terrible/2056) we should include information about Windows Firewall on our Windows instructions at https://community.torproject.org/relay/setup/guard/windows/, because our guide _"sadly omits to even mention Windows’ integrated Firewall. Windows Firewall is enabled by default in all more recent versions of Windows (for good reason!) and you will need to create new rules for your tor relay(s) or bridge(s) to be reachable from the outside"_.

Improve NoScript documentation
https://gitlab.torproject.org/tpo/web/support/-/issues/20
Updated: 2022-02-15T20:01:35Z
Author: Antonela (antonela@torproject.org)

[https://blog.torproject.org/comment/277954#comment-277954 A user asks] for a better documentation for NoScript 10.
> On the introductory page you have a link "FAQ", and there you will find a link "NoScript FAQ", which will open the FAQ for the old noscript version(s). There is no official documentation for noscript. All you can get is a link to a blog writer giving "basic" information about the new noscript. This is very basic indeed and not an official documentation.
> Another link will redirect you to a page intending to give an overview of the new noscript in a nutshell. A nutshell is not enough for understanding the new noscript - as you can see from the "226 Responses to “NoScript, "Quantum" vs "Legacy" in a nutshell”.
The [https://www.torproject.org/docs/faq current/old FAQ] does not link the NoScript FAQ, while the [https://support.torproject.org/#tbb support page] does.
[https://support.torproject.org/#tbb-25 I'm having a problem with NoScript.] links to the NoScript FAQ which I think is fine although it may not reflect [https://noscript.net/changelog latest changes]?
BTW {{{Should I install a new add-on or extension in Tor Browser, like AdBlock Plus or uBlock Origin?}}} is listed twice ([https://support.torproject.org/#faq-3 faq-3] and [https://support.torproject.org/#tbb-14 tbb-14])
https://trac.torproject.org/projects/tor/ticket/28418

Include a refactor plan
https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/29718
Updated: 2022-02-17T08:49:03Z
Author: juga

The parent ticket has some children tickets and we collected some ideas in https://pad.riseup.net/p/rGfvR7ZsvtoZ, but there are other ideas not collected.

Milestone: sbws: unspecified

Document new sbws Gitlab labels
https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/29752
Updated: 2022-02-18T20:48:05Z
Author: juga

Milestone: sbws: unspecified

PT_LOG and PT_STATUS event fields unspecified
https://gitlab.torproject.org/tpo/core/torspec/-/issues/24
Updated: 2022-02-21T19:12:25Z
Author: Damian Johnson

Recently Tor added PT_LOG and PT_STATUS events to the spec...
https://gitweb.torproject.org/torspec.git/commit/?id=3028cf1
https://gitweb.torproject.org/torspec.git/commit/?id=b38257e
Unfortunately the 'pt-spec.txt section 3.3.5' section they mention does not exist, and in looking around I can't find anything that describes what these event fields are defined as ('PT=' 'TYPE=', 'CONNECT=', etc).
I started to write a stem parser for these but can't continue until this is done (I can't parse events without knowing what fields they include).
David is aware of this and has kindly offered to add the missing info...
```
22:24 <+atagar> dgoulet: Your control-spec addition to descript PT_LOG and PT_STATUS
cite a pt-spec section 3.3.4 which does not exist.
22:24 <+atagar> s/descript/describe
22:29 <+atagar> dgoulet: Huh. I'm not spotting anything that lists the keyword
arguments ('PT=' and 'SEVERITY=') so guess the sections simply
missing from the spec. I need that for stem support so please
give me a nudge when the event spec's done. :)
22:59 <+dgoulet> atagar: oh hmmm I'll fix that sorry
23:17 <+atagar> Thanks! Much appreciated. :)
```

Describe consensus digest calculation
https://gitlab.torproject.org/tpo/core/torspec/-/issues/23
Updated: 2022-02-21T19:12:25Z
Author: Damian Johnson

Hi lovely network team folks. No doubt I'm being blind but I'm having difficulty figuring out how to calculate network status document digests.
During the voting period (minutes 55-60 of the hour) I fetched the detached signatures and upcoming consensus. The detached signatures cite the digest...
```
% curl http://128.31.0.39:9131/tor/status-vote/next/consensus-signatures > sigs
% curl http://128.31.0.39:9131/tor/status-vote/next/consensus > next_consensus
% grep consensus-digest sigs
consensus-digest 296BA01987256A1C8EFB20E17667152DCFA50755
```
But in trying hex encoded sha1s of various ranges of the consensus I'm having difficulty getting a value that matches that. No doubt I'm missing something but the spec is unhelpfully vague saying simply 'this is the digest' without citing a section describing how it's calculated...
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n3309
It's probably buried in there somewhere but I've skimmed through the spec a few times and it's not jumping out at me. Mind clarifying in the spec how to calculate this?
Thanks!