Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Trac@tracbot

tor seems to ignore "DirServer" option

I've got the following 3 directives in my torrc:

DirServer 95.223.60.130:443 23155386E3B4B93B0294DB3A6263A8FAFE273255 DirServer 89.245.227.226:9001 6CB447C4CBCC4F5BDB4BA096902C2956CB534999 DirServer 109.228.139.83:9001 9DD97868543CB3CF432B96C082DFAC1FD16F6768

but none of the above statements seem to have been honoured by tor as I get this in my logs (debug-level):

[notice] {GENERAL} 0 entries in guards [info] {CIRC} compute_weighted_bandwidths(): Empty routerlist passed in to consensus weight node selection for rule weight as guard [info] {CIRC} smartlist_choose_node_by_bandwidth(): Empty routerlist passed in to old node selection for rule weight as guard [info] {DIR} directory_pick_generic_dirserver(): No router found for consensus network-status fetch; falling back to dirserver list. [info] {DIR} router_pick_dirserver_generic(): No dirservers are reachable. Trying them all again. [notice] {DIR} While fetching directory info, no running dirservers known. Will try again later. (purpose 14) [info] {GENERAL} or_state_save(): Saved state to "/var/lib/tor/tor/state"

Why?

I don't usually set the DirServer options, but, as of yesterday, my tor gets stuck at 5% when I shutdown tor after getting the following log:

{PROTOCOL} Received a bad CERTS cell from [scrubbed]:9001: The link certificate didn't match the TLS public key

I then wiped out the entire /var/lib/tor directory (to force fresh consensus download) and then got this when I tried to start tor (again, debug-level):

============================= Dec 21 11:17:24.000 [notice] {GENERAL} 0 entries in guards Dec 21 11:17:24.000 [info] {CIRC} compute_weighted_bandwidths(): Empty routerlist passed in to consensus weight node selection for rule weight as guard Dec 21 11:17:24.000 [info] {CIRC} smartlist_choose_node_by_bandwidth(): Empty routerlist passed in to old node selection for rule weight as guard Dec 21 11:17:24.000 [info] {DIR} directory_pick_generic_dirserver(): No router found for consensus network-status fetch; falling back to dirserver list. Dec 21 11:17:24.000 [debug] {DIR} directory_initiate_command_rend(): anonymized 0, use_begindir 1. Dec 21 11:17:24.000 [debug] {DIR} directory_initiate_command_rend(): Initiating consensus network-status fetch Dec 21 11:17:24.000 [info] {APP} connection_ap_make_link(): Making internal direct tunnel to [scrubbed]:443 ... Dec 21 11:17:24.000 [debug] {NET} connection_add_impl(): new conn type Socks, socket -1, address (Tor_internal), n_conns 3. Dec 21 11:17:24.000 [debug] {DIR} circuit_get_open_circ_or_launch(): considering 1, $7BE683E65D48141321C5ED92F075C55364AC7123 Dec 21 11:17:24.000 [debug] {CIRC} onion_pick_cpath_exit(): Launching a one-hop circuit for dir tunnel. Dec 21 11:17:24.000 [info] {CIRC} onion_pick_cpath_exit(): Using requested exit node '$7BE683E65D48141321C5ED92F075C55364AC7123~7BE683E65D48141321C at 193.23.244.244' Dec 21 11:17:24.000 [debug] {CIRC} onion_extend_cpath(): Path is 0 long; we want 1 Dec 21 11:17:24.000 [debug] {CIRC} onion_extend_cpath(): Chose router $7BE683E65D48141321C5ED92F075C55364AC7123~7BE683E65D48141321C at 193.23.244.244 for hop 1 (exit is 7BE683E65D48141321C5ED92F075C55364AC7123) Dec 21 11:17:24.000 [debug] {CIRC} onion_extend_cpath(): Path is complete: 1 steps long Dec 21 11:17:24.000 [debug] {CIRC} circuit_handle_first_hop(): Looking for firsthop '193.23.244.244:443' Dec 21 11:17:24.000 [info] {CIRC} circuit_handle_first_hop(): Next router is [scrubbed]: Not connected. Connecting. Dec 21 11:17:24.000 [notice] {CONTROL} Bootstrapped 5%: Connecting to directory server. Dec 21 11:17:24.000 [debug] {CHANNEL} channel_tls_connect(): In channel_tls_connect() for channel 0xb797c2e8 (global id 0) Dec 21 11:17:24.000 [debug] {CHANNEL} channel_set_identity_digest(): Setting remote endpoint digest on channel 0xb797c2e8 with global ID 0 to digest 7BE683E65D48141321C5ED92F075C55364AC7123 Dec 21 11:17:24.000 [debug] {NET} connection_connect(): Connecting to [scrubbed]:443. Dec 21 11:17:25.000 [debug] {NET} connection_connect(): Connection to [scrubbed]:443 in progress (sock 4). Dec 21 11:17:25.000 [debug] {NET} connection_add_impl(): new conn type OR, socket 4, address 193.23.244.244, n_conns 4. Dec 21 11:17:25.000 [debug] {CHANNEL} channel_tls_connect(): Got orconn 0xb797c3c0 for channel with global id 0 Dec 21 11:17:25.000 [debug] {CHANNEL} channel_register(): Registering channel 0xb797c2e8 (ID 0) in state opening (1) with digest 7BE683E65D48141321C5ED92F075C55364AC7123 Dec 21 11:17:25.000 [debug] {CHANNEL} channel_add_to_digest_map(): Added channel 0xb797c2e8 (global ID 0) to identity map in state opening (1) with digest 7BE683E65D48141321C5ED92F075C55364AC7123 Dec 21 11:17:25.000 [debug] {CHANNEL} channel_set_cell_handlers(): Setting cell_handler callback for channel 0xb797c2e8 to 0xb7668500 Dec 21 11:17:25.000 [debug] {CHANNEL} channel_set_cell_handlers(): Setting var_cell_handler callback for channel 0xb797c2e8 to 0xb7667340 Dec 21 11:17:25.000 [debug] {CIRC} circuit_handle_first_hop(): connecting in progress (or finished). Good. Dec 21 11:17:25.000 [info] {APP} connection_ap_make_link(): ... application connection created and linked. Dec 21 11:17:25.000 [debug] {NET} connection_add_impl(): new conn type Directory, socket -1, address 193.23.244.244, n_conns 5. Dec 21 11:17:25.000 [info] {DIR} directory_send_command(): Downloading consensus from 193.23.244.244:443 using /tor/status-vote/current/consensus-microdesc/14C131+27B6B5+49015F+585769+805509+D586D1+E8A9C4+ED03BB+EFCBE7.z Dec 21 11:17:25.000 [info] {GENERAL} or_state_save(): Saved state to "/var/lib/tor/tor/state" Dec 21 11:17:25.000 [debug] {NET} conn_read_callback(): socket -1 wants to read. Dec 21 11:17:25.000 [info] {EDGE} connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer. Dec 21 11:17:25.000 [info] {EDGE} connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer. Dec 21 11:17:25.000 [debug] {DIR} connection_dir_finished_flushing(): client finished sending command. Dec 21 11:17:25.000 [debug] {NET} conn_read_callback(): socket 4 wants to read. Dec 21 11:17:25.000 [info] {CONTROL} control_event_bootstrap_problem(): Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Connection refused; CONNECTREFUSED; count 1; recommendation ignore) Dec 21 11:17:25.000 [debug] {CHANNEL} channel_close_for_error(): Closing channel 0xb797c2e8 due to lower-layer error Dec 21 11:17:25.000 [debug] {CHANNEL} channel_change_state(): Changing state of channel 0xb797c2e8 (global ID 0) from "opening" to "closing" Dec 21 11:17:25.000 [debug] {CHANNEL} channel_remove_from_digest_map(): Removed channel 0xb797c2e8 (global ID 0) from identity map in state closing (4) with digest 7BE683E65D48141321C5ED92F075C55364AC7123 Dec 21 11:17:25.000 [debug] {CHANNEL} connection_mark_for_close_internal_(): Calling connection_mark_for_close_internal_() on an OR conn at src/or/connection.c:2828 Dec 21 11:17:25.000 [debug] {NET} conn_close_if_marked(): Cleaning up connection (fd -1). Dec 21 11:17:25.000 [debug] {CIRC} circuit_n_chan_done(): chan to NULL/193.23.244.244:443, status=0 Dec 21 11:17:25.000 [info] {CIRC} circuit_n_chan_done(): Channel failed; closing circ. Dec 21 11:17:25.000 [info] {OR} circuit_build_failed(): Our circuit died before the first hop with no connection Dec 21 11:17:25.000 [info] {APP} connection_ap_fail_onehop(): Closing one-hop stream to '$7BE683E65D48141321C5ED92F075C55364AC7123/193.23.244.244' because the OR conn just failed. Dec 21 11:17:25.000 [debug] {CIRC} circuit_increment_failure_count(): n_circuit_failures now 1. Dec 21 11:17:25.000 [debug] {CHANNEL} channel_change_state(): Changing state of channel 0xb797c2e8 (global ID 0) from "closing" to "channel error" Dec 21 11:17:25.000 [info] {HANDSHAKE} connection_or_note_state_when_broken(): Connection died in state 'connect()ing with SSL state (No SSL object)' Dec 21 11:17:25.000 [debug] {NET} connection_remove(): removing socket -1 (type OR), n_conns now 5 Dec 21 11:17:25.000 [debug] {NET} conn_close_if_marked(): Cleaning up connection (fd -1). Dec 21 11:17:25.000 [debug] {NET} connection_remove(): removing socket -1 (type Socks), n_conns now 4 Dec 21 11:17:25.000 [info] {GENERAL} connection_free_(): Freeing linked Socks connection [waiting for circuit] with 152 bytes on inbuf, 0 on outbuf. Dec 21 11:17:25.000 [debug] {NET} conn_read_callback(): socket -1 wants to read. Dec 21 11:17:25.000 [info] {HTTP} connection_dir_client_reached_eof(): 'fetch' response not all here, but we're at eof. Closing. Dec 21 11:17:25.000 [debug] {NET} conn_close_if_marked(): Cleaning up connection (fd -1).

Repeat ad-nauseum! The above log seems to stem from the fact that it looks as though dannenberg ($7BE683E65D48141321C5ED92F075C55364AC7123/193.23.244.244) doesn't accept connections on ports 443 or 80 anymore (is it down?), grinding my tor bootup to a screeching halt - something I tried to offset by explicitly setting 3 "DirServer" options, but to no avail.

Secondly, why is tor insisting on downloading its descriptors/data from that directory and not trying some other - is dannenberg the only one? I seriously doubt it!

Trac:
Username: mr-4

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information