Skip to content

dir: Do not flag non-running failing HSDir

David Goulet requested to merge dgoulet/tor:ticket40434_045_01 into maint-0.4.5

When a directory request fails, we flag the relay as non Running so we don't use it anymore.

This can be problematic with onion services because there are cases where a tor instance could have a lot of services, ephemeral ones, and keeps failing to upload descriptors, let say due to a bad network, and thus flag a lot of nodes as non Running which then in turn can not be used for circuit building.

This commit makes it that we never flag nodes as non Running on a onion service directory request (upload or fetch) failure as to keep the hashring intact and not affect other parts of tor.

Fortunately, the onion service hashring is not selected by looking at the Running flag but since we do a 3-hop circuit to the HSDir, other services on the same instance can influence each other by removing nodes from the consensus for path selection.

This was made apparent with a small network that ran out of nodes to used due to rapid succession of onion services uploading and failing. See #40434 (closed) for details.

Fixes #40434 (closed)

Signed-off-by: David Goulet

Merge request reports