Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] On Fri, Apr 15, 2016 at 5:37 AM, George Kadianakis desnacked@riseup.net wrote:
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] Thanks for the insights.
It seems like the latest version of prop259 was posted a few weeks
ago:
https://lists.torproject.org/pipermail/tor-dev/2016-March/010625.html
<snip>
A few things:
a) Are there still proposal design decisions that need to be taken
and
we
are unclear on? I admit I'm a bit lost in the latest [tor-dev]
thread, so
maybe I can be of help somehow here?
There are still some issues, like for_directory may leads to maintain
two
sets of sampled_set independently, which is not yet defined clearly in
proposal.
Hm, how come this is happening?
I would think that for_directory would now be just another filter (like
the
ipv6 one etc.) that can be applied on top of the sampled list.
The problem here is for_directory is a parameter of function call, that means we can't do filter before the call happens. Now the filter action only happens at START
stage.
Maybe do a check before we return the selected guard (if not valid, then continue picking new one) can be a solution.
Hello,
hm, that's an interesting problem...
So we learn whether a circuit is for_directory when choose_random_entry_prop259() is called, but at that point the prop259 algorithm has already STARTed and its filtering parameters have been determined?
So if some part of tor calls choose_random_entry_prop259() quickly twice, first with for_directory set, and the second time with for_directory unset, the guard algorithm will proceed in both cases with for_directory being set? Because the context has been set in the first call to choose_random_entry_prop259()?
This seems like a problem to me, and I'm not sure how to solve it well...
One way could be to use the 'cpath_build_state_t *state' in choose_random_entry_prop259() to be able to understand whether each call is about a different circuit or not. Then you could start a separate algorithm invocation (so new START) for each new circuit you see.
But then I'm not sure how to do this without each separate algorithm call wrecking up the sampled_guards and used_guards lists... In the dev meeting in Valencia, we discussed with Ola and Reinaldo about using locking and blocking for this, but I'm not sure how much that would impact the performance...
Do you guys have any plans here?
We can have two pending_guard one for directory, one for any usage(which
will be picked by the NEXT algo, so they can be same node), and they can be checked with directory flag before return. Locking may not work because this algo should at least return sth before it continues to another one, saying Dir and non-Dir are now in main loop, Or if you have any ideas please let me know.
Hello Fan and team,
I think I'm not a big fan of the pending_guard and pending_dir_guard concept. To me it seems like a quick hack that tries to address fundamental issues with our algorithm that appeared when we tried to adapt the proposal to the tor codebase.
I think one of the main issues with the current algorithm structure is that _one run of the algorithm_ can be asked to _setup multiple circuits_, and each of those circuits has different requirements for guards. That is, since we do filtering on START based on the requirements of circuit #1, this means that any other circuits that appear before END is called, also have to adapt to the requirements of circuit #1. This is obvious in the code since we use guard_selection->for_directory throughout the whole algorithm run, even though for_directory was just the restriction of circuit #1.
Specifically about the pending_guard trick, I feel that it interacts in unpredictable ways with other features of the algorithm. For example, consider how it interacts with the primary guards heuristic. It could be time for the algorithm to reenter the primary guards state and retry the top guards in the list, but because of the pending_guard thing we actually return the 15th guard to the circuit.
IMO we should revisit the algorithm so that one run of the algorithm can accomodate multiple circuits by design and without the need for hacks. Here is an idea towards that direction:
I think one very important change that we can do to simplify things is to remove the need to filter guards based on whether they are dirguards, fast, or stable. My suggestion here would be to *only* consider guards that are dirguards _and_ fast _and_ stable. This way, any circuit that appears will be happy with all the guards in our list and there is no need to do the pending_dir_guard trick. See [0] on why I think that's safe to do.
This is easy to do in the current codebase. You just need to call entry_is_live() with need_uptime, need_capacity and for_directory all enabled (instead of flags being 0).
If you do the above, your sampled guard set will be able to accomodate any circuit that comes its way and that should simplify logic considerably.
Let me know if the above does not make sense.
Here are some more comments:
- So the above idea addresses a large part of the filtering logic that happens on START. The rest of the filtering logic has to do with ClientUsesIPv6, ReachableAddreses, etc. . I think it's fine to conduct that filtering on START as well.
- I tried to run the branch as of bb3237d, but it segfaulted. Here is where it crashed:
#1 0x000055555567eb25 in guards_update_state (next=0x5555559c3f40, next@entry=0x5555559c35e8, guards=guards@entry=0x5555559c4620, config_name=config_name@entry=0x55555570c47e "UsedGuard") at src/or/prop259.c:1137 1137 !strchr(e->chosen_by_version, ' ')) {
Let me know if you need more info here.
- There is a memleak on 'extended' in filter_set().
In general, I feel that logic in that function is a bit weird. The function is called filter_set() but it can actually end up adding guards to the list. Maybe it can be renamed?
- What's up with the each_remaining_by_bandwidth() function name?
---
[0]: I think that's OK to do and here is why:
All Guards are Fast. About 95% of Guards are Stable (this will become 100% with #18624) About 80% of Guards are V2Dir/dirguards (this will become 100% with #12538)
#12538 got merged in 0.2.8, so if prop259 gets merged in 0.2.9, by the time prop259 becomes active, almost all guards will be dirguards.
So I think it's fine to only consider guards that are dirguards && fast && stable now, since by the time prop259 gets deployed that will be the case for almost 100% of guards.
Hi,
Hello Fan and team,
I think I'm not a big fan of the pending_guard and pending_dir_guard concept. To me it seems like a quick hack that tries to address fundamental issues with our algorithm that appeared when we tried to adapt the proposal to the tor codebase.
Yeah agree, this pending_guard hack was trying to avoid some implementation problem, we need to redesign. I haven't got any good idea about this, that will be nice if you already got some thoughts.
I think one of the main issues with the current algorithm structure is that _one run of the algorithm_ can be asked to _setup multiple circuits_, and each of those circuits has different requirements for guards. That is, since we do filtering on START based on the requirements of circuit #1, this means that any other circuits that appear before END is called, also have to adapt to the requirements of circuit #1. This is obvious in the code since we use guard_selection->for_directory throughout the whole algorithm run, even though for_directory was just the restriction of circuit #1.
Specifically about the pending_guard trick, I feel that it interacts in unpredictable ways with other features of the algorithm. For example, consider how it interacts with the primary guards heuristic. It could be time for the algorithm to reenter the primary guards state and retry the top guards in the list, but because of the pending_guard thing we actually return the 15th guard to the circuit.
IMO we should revisit the algorithm so that one run of the algorithm can accomodate multiple circuits by design and without the need for hacks. Here is an idea towards that direction:
I think one very important change that we can do to simplify things is to remove the need to filter guards based on whether they are dirguards, fast, or stable. My suggestion here would be to *only* consider guards that are dirguards _and_ fast _and_ stable. This way, any circuit that appears will be happy with all the guards in our list and there is no need to do the pending_dir_guard trick. See [0] on why I think that's safe to do.
This is easy to do in the current codebase. You just need to call entry_is_live() with need_uptime, need_capacity and for_directory all enabled (instead of flags being 0).
If you do the above, your sampled guard set will be able to accomodate any circuit that comes its way and that should simplify logic considerably.
Sounds great, that can simplify the logic a lot, I've done the change, no more pending_dir_guard.
Let me know if the above does not make sense.
Here are some more comments:
- So the above idea addresses a large part of the filtering logic that
happens on START. The rest of the filtering logic has to do with ClientUsesIPv6, ReachableAddreses, etc. . I think it's fine to conduct that filtering on START as well.
- I tried to run the branch as of bb3237d, but it segfaulted. Here is
where it crashed:
#1 0x000055555567eb25 in guards_update_state (next=0x5555559c3f40,next@entry=0x5555559c35e8, guards=guards@entry=0x5555559c4620, config_name=config_name@entry=0x55555570c47e "UsedGuard") at src/or/prop259.c:1137 1137 !strchr(e->chosen_by_version, ' ')) {
Let me know if you need more info here.
Never saw this before, will look into it.
- There is a memleak on 'extended' in filter_set().
In general, I feel that logic in that function is a bit weird. The function is called filter_set() but it can actually end up adding guards to the list. Maybe it can be renamed?
Split it up to filter_set & expand_set probably can make this clear.
- What's up with the each_remaining_by_bandwidth() function name?
I guess it should be iterate_remaining_guards_by_bandwidth.
---
[0]: I think that's OK to do and here is why:
All Guards are Fast. About 95% of Guards are Stable (this will become 100% with #18624) About 80% of Guards are V2Dir/dirguards (this will become 100%with #12538)
#12538 got merged in 0.2.8, so if prop259 gets merged in 0.2.9, by the time prop259 becomes active, almost all guards will be dirguards. So I think it's fine to only consider guards that are dirguards &&fast && stable now, since by the time prop259 gets deployed that will be the case for almost 100% of guards.
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] Hi,
Hello Fan and team,
I think I'm not a big fan of the pending_guard and pending_dir_guard concept. To me it seems like a quick hack that tries to address fundamental issues with our algorithm that appeared when we tried to adapt the proposal to the tor codebase.
Yeah agree, this pending_guard hack was trying to avoid some implementation problem, we need to redesign. I haven't got any good idea about this, that will be nice if you already got some thoughts.
I think one of the main issues with the current algorithm structure is that _one run of the algorithm_ can be asked to _setup multiple circuits_, and each of those circuits has different requirements for guards. That is, since we do filtering on START based on the requirements of circuit #1, this means that any other circuits that appear before END is called, also have to adapt to the requirements of circuit #1. This is obvious in the code since we use guard_selection->for_directory throughout the whole algorithm run, even though for_directory was just the restriction of circuit #1.
Specifically about the pending_guard trick, I feel that it interacts in unpredictable ways with other features of the algorithm. For example, consider how it interacts with the primary guards heuristic. It could be time for the algorithm to reenter the primary guards state and retry the top guards in the list, but because of the pending_guard thing we actually return the 15th guard to the circuit.
IMO we should revisit the algorithm so that one run of the algorithm can accomodate multiple circuits by design and without the need for hacks. Here is an idea towards that direction:
I think one very important change that we can do to simplify things is to remove the need to filter guards based on whether they are dirguards, fast, or stable. My suggestion here would be to *only* consider guards that are dirguards _and_ fast _and_ stable. This way, any circuit that appears will be happy with all the guards in our list and there is no need to do the pending_dir_guard trick. See [0] on why I think that's safe to do.
This is easy to do in the current codebase. You just need to call entry_is_live() with need_uptime, need_capacity and for_directory all enabled (instead of flags being 0).
If you do the above, your sampled guard set will be able to accomodate any circuit that comes its way and that should simplify logic considerably.
Sounds great, that can simplify the logic a lot, I've done the change, no more pending_dir_guard.
Hm. Can't you also remove pending_guard? What's the point of it now?
BTW, looking at your e54551adbfd5be4bee795df10f925b53fc9e730d I suggest you also use entry_is_live() with the ENTRY_NEED_UPTIME and ENTRY_NEED_CAPACITY flags always enabled. So that it always returns Stable && Fast guards.
We should also look at how ENTRY_ASSUME_REACHABLE and ENTRY_NEED_DESCRIPTOR are used in the rest of the code, to see if we should enable them or not ourselves.
Never saw this before, will look into it.
- There is a memleak on 'extended' in filter_set().
In general, I feel that logic in that function is a bit weird. The function is called filter_set() but it can actually end up adding guards to the list. Maybe it can be renamed?
Split it up to filter_set & expand_set probably can make this clear.
- What's up with the each_remaining_by_bandwidth() function name?
I guess it should be iterate_remaining_guards_by_bandwidth.
Better. Or sample_guard_by_bandwidth() ? Or get_guard_by_bandwidth() ?
IIUC that function is probalistically sampling from the 'guards' set, so it's not really iterating it.
Cheers!
On Thu, Apr 21, 2016 at 4:32 AM, George Kadianakis desnacked@riseup.net wrote:
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] Hi,
Hello Fan and team,
I think I'm not a big fan of the pending_guard and pending_dir_guard concept. To me it seems like a quick hack that tries to address
fundamental
issues with our algorithm that appeared when we tried to adapt the proposal to the tor codebase.
Yeah agree, this pending_guard hack was trying to avoid some
implementation
problem, we need to redesign. I haven't got any good idea about this, that will be nice if you already got some thoughts.
I think one of the main issues with the current algorithm structure is
that
_one run of the algorithm_ can be asked to _setup multiple circuits_,
and
each of those circuits has different requirements for guards. That is, since
we
do filtering on START based on the requirements of circuit #1, this means that any other circuits that appear before END is called, also have to adapt to
the
requirements of circuit #1. This is obvious in the code since we use guard_selection->for_directory throughout the whole algorithm run, even though for_directory was just the restriction of circuit #1.
Specifically about the pending_guard trick, I feel that it interacts in unpredictable ways with other features of the algorithm. For example, consider how it interacts with the primary guards heuristic. It could be time for the algorithm to reenter the primary guards state and retry the top guards
in
the list, but because of the pending_guard thing we actually return the 15th guard to the circuit.
IMO we should revisit the algorithm so that one run of the algorithm can accomodate multiple circuits by design and without the need for hacks. Here is an idea towards that direction:
I think one very important change that we can do to simplify things
is to
remove the need to filter guards based on whether they are dirguards, fast, or stable. My suggestion here would be to *only* consider guards that
are
dirguards _and_ fast _and_ stable. This way, any circuit that appears will be happy with all the guards in our list and there is no need to do the pending_dir_guard trick. See [0] on why I think that's safe to do.
This is easy to do in the current codebase. You just need to call entry_is_live() with need_uptime, need_capacity and for_directory all enabled (instead of flags being 0).
If you do the above, your sampled guard set will be able to accomodate any circuit that comes its way and that should simplify logic
considerably.
Sounds great, that can simplify the logic a lot, I've done the change, no more pending_dir_guard.
Hm. Can't you also remove pending_guard? What's the point of it now?
Pending guard was actually for sampled_guard, say when we are in SAMPLED_GUARDS_STATE we don't wan't to make the algo return a new random guard picked_by_banwith, we want to keep the same one until the callback of first hop comes. We can make it specific for sampled_guards after checking the state. Does this make sense?
BTW, looking at your e54551adbfd5be4bee795df10f925b53fc9e730d I suggest you
also use entry_is_live() with the ENTRY_NEED_UPTIME and ENTRY_NEED_CAPACITY flags always enabled. So that it always returns Stable && Fast guards.
Yes, I have done this change.
We should also look at how ENTRY_ASSUME_REACHABLE and ENTRY_NEED_DESCRIPTOR
are used in the rest of the code, to see if we should enable them or not ourselves.
Never saw this before, will look into it.
- There is a memleak on 'extended' in filter_set().
In general, I feel that logic in that function is a bit weird. The function is called filter_set() but it can actually end up adding guards to the list. Maybe it can be renamed?
Split it up to filter_set & expand_set probably can make this clear.
- What's up with the each_remaining_by_bandwidth() function name?
I guess it should be iterate_remaining_guards_by_bandwidth.
Better. Or sample_guard_by_bandwidth() ? Or get_guard_by_bandwidth() ?
IIUC that function is probalistically sampling from the 'guards' set, so it's not really iterating it.
We are actually pick and removing guards from remaining_set in this function, And I saw the filter_set used this function wrong which has been fixed, so maybe `pop` is better than `get`.
Another thing: Do we still need decide_num_guards to define the n_primary_guards? and it's the only remaining one is using for_directory.
Cheers!
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] On Thu, Apr 21, 2016 at 4:32 AM, George Kadianakis desnacked@riseup.net wrote:
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] Hi,
Hello Fan and team,
<snip>
Sounds great, that can simplify the logic a lot, I've done the change, no more pending_dir_guard.
Hm. Can't you also remove pending_guard? What's the point of it now?
Pending guard was actually for sampled_guard, say when we are in SAMPLED_GUARDS_STATE we don't wan't to make the algo return a new random guard picked_by_banwith, we want to keep the same one until the callback of first hop comes. We can make it specific for sampled_guards after checking the state. Does this make sense?
Hello,
I'm a bit confused. I can't find this SAMPLED_GUARDS_STATE in the spec or code.
IIUC, we are picking guards from SAMPLED_GUARDS to be used based on their bandwidth? If yes, I'm not sure if that's needed.
Since we already sampled by bandwidth when we originally put the guards in SAMPLED_GUARDS, I don't think we also need to sample by bandwidth when we pick guards from SAMPLED_GUARDS to be used.
Instead you could treat SAMPLED_GUARDS as an ordered FIFO list and always return the top element when you are asked to sample for it. Then you wouldn't need to keep track of 'pending_guard' anymore. That seems simpler.
Did I understand the problem correctly? Do you find any security issues with my suggestion?
BTW, looking at your e54551adbfd5be4bee795df10f925b53fc9e730d I suggest you
also use entry_is_live() with the ENTRY_NEED_UPTIME and ENTRY_NEED_CAPACITY flags always enabled. So that it always returns Stable && Fast guards.
Yes, I have done this change.
Saw the commit. Cheers.
We should also look at how ENTRY_ASSUME_REACHABLE and ENTRY_NEED_DESCRIPTOR
are used in the rest of the code, to see if we should enable them or not ourselves.
Never saw this before, will look into it.
- There is a memleak on 'extended' in filter_set().
In general, I feel that logic in that function is a bit weird. The function is called filter_set() but it can actually end up adding guards to the list. Maybe it can be renamed?
Split it up to filter_set & expand_set probably can make this clear.
- What's up with the each_remaining_by_bandwidth() function name?
I guess it should be iterate_remaining_guards_by_bandwidth.
Better. Or sample_guard_by_bandwidth() ? Or get_guard_by_bandwidth() ?
IIUC that function is probalistically sampling from the 'guards' set, so it's not really iterating it.
We are actually pick and removing guards from remaining_set in this function, And I saw the filter_set used this function wrong which has been fixed, so maybe `pop` is better than `get`.
Another thing: Do we still need decide_num_guards to define the n_primary_guards? and it's the only remaining one is using for_directory.
No, let's not use decide_num_guards to define the number of primary guards. The original purpose of decide_num_guards was completely different, and it does not apply to prop259 very well.
I think it's safe to ignore decide_num_guards for now.
Thanks!
2016年4月22日 上午4:54,"George Kadianakis" desnacked@riseup.net写道:
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] On Thu, Apr 21, 2016 at 4:32 AM, George Kadianakis <desnacked@riseup.net
wrote:
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] Hi,
Hello Fan and team,
<snip>
Sounds great, that can simplify the logic a lot, I've done the
change, no
more pending_dir_guard.
Hm. Can't you also remove pending_guard? What's the point of it now?
Pending guard was actually for sampled_guard, say when we are in SAMPLED_GUARDS_STATE we don't wan't to make the algo return a new random guard picked_by_banwith, we want to keep the same one until the callback of first hop comes. We can make it specific for sampled_guards after checking the state. Does this make sense?
Hello,
I'm a bit confused. I can't find this SAMPLED_GUARDS_STATE in the spec or
code.
Ah, Sorry it's STATE_TRY_REMAINING In proposal spec 2.2.2 the second paragraph. Return each entry from REMAINING_GUARDS using NEXT_BY_BANDWIDTH.
IIUC, we are picking guards from SAMPLED_GUARDS to be used based on their bandwidth? If yes, I'm not sure if that's needed.
This was mainly for shuffling the guards again before return. And actually I agree with you that sampled_guards has already been shuffled while filling. FIFO would make things simpler. About Security I don't think it's much different to do random pick on 40 or fewer guards, Will discuss with the team for more inputs or concerns.
Since we already sampled by bandwidth when we originally put the guards in SAMPLED_GUARDS, I don't think we also need to sample by bandwidth when we
pick
guards from SAMPLED_GUARDS to be used.
Instead you could treat SAMPLED_GUARDS as an ordered FIFO list and always return the top element when you are asked to sample for it. Then you
wouldn't
need to keep track of 'pending_guard' anymore. That seems simpler.
Did I understand the problem correctly? Do you find any security issues
with my
suggestion?
BTW, looking at your e54551adbfd5be4bee795df10f925b53fc9e730d I suggest
you
also use entry_is_live() with the ENTRY_NEED_UPTIME and
ENTRY_NEED_CAPACITY
flags always enabled. So that it always returns Stable && Fast guards.
Yes, I have done this change.
Saw the commit. Cheers.
We should also look at how ENTRY_ASSUME_REACHABLE and
ENTRY_NEED_DESCRIPTOR
are used in the rest of the code, to see if we should enable them or not ourselves.
Never saw this before, will look into it.
- There is a memleak on 'extended' in filter_set().
In general, I feel that logic in that function is a bit weird. The function is called filter_set() but it can actually end up adding guards
to the
list. Maybe it can be renamed?
Split it up to filter_set & expand_set probably can make this clear.
- What's up with the each_remaining_by_bandwidth() function name?
I guess it should be iterate_remaining_guards_by_bandwidth.
Better. Or sample_guard_by_bandwidth() ? Or get_guard_by_bandwidth() ?
IIUC that function is probalistically sampling from the 'guards' set,
so
it's not really iterating it.
We are actually pick and removing guards from remaining_set in this function, And I saw the filter_set used this function wrong which has been fixed, so maybe `pop` is better than `get`.
Another thing: Do we still need decide_num_guards to define the n_primary_guards? and
it's
the only remaining one is using for_directory.
No, let's not use decide_num_guards to define the number of primary
guards. The
original purpose of decide_num_guards was completely different, and it
does not
apply to prop259 very well.
cool, will just comment out this.
I think it's safe to ignore decide_num_guards for now.
Thanks!
It seems like we come to a point that most of prop259 can be stable for a while, we are going to do some cleanup in this implementation and spec. I think next week we can ask more people to review, does that sounds OK?
BTW, About your segmentfault I couldn't reproduce, maybe related with your torrc/state file?
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] 2016年4月22日 上午4:54,"George Kadianakis" desnacked@riseup.net写道:
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] On Thu, Apr 21, 2016 at 4:32 AM, George Kadianakis <desnacked@riseup.net
wrote:
<snip>
It seems like we come to a point that most of prop259 can be stable for a while, we are going to do some cleanup in this implementation and spec. I think next week we can ask more people to review, does that sounds OK?
Sounds good!
BTW, About your segmentfault I couldn't reproduce, maybe related with your torrc/state file?
I think it's some sort of dangling pointer error. e->chosen_by_version seems to be referring to a corrupted memory address.
Not sure if it's caused by my state file, but in general the prop259 branch should work well with any old state file without crashing.
Here is some gdb output from the segfault:
--- Apr 22 17:08:21.161 [notice] Tor v0.2.8.1-alpha-dev (git-d7ed996b2aba9f10) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1k and Zlib 1.2.8. Apr 22 17:08:21.161 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Apr 22 17:08:21.161 [notice] This version is not a stable Tor release. Expect more bugs than usual. Apr 22 17:08:21.161 [notice] Read configuration file "/home/f/Computers/tor/mytor/../confs/prop259". Apr 22 17:08:21.164 [notice] Opening Socks listener on 127.0.0.1:9999
Program received signal SIGSEGV, Segmentation fault. __strchr_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32 32 ../sysdeps/x86_64/multiarch/../strchr.S: No such file or directory. (gdb) up #1 0x000055555567eb25 in guards_update_state (next=0x5555559c3f40, next@entry=0x5555559c35e8, guards=guards@entry=0x5555559c4620, config_name=config_name@entry=0x55555570c3be "UsedGuard") at src/or/prop259.c:1155 1155 !strchr(e->chosen_by_version, ' ')) { (gdb) p/x e $1 = 0x5555559c42d0 (gdb) p/x e->chosen_by_version $2 = 0x4137323000000000 (gdb) x/s chosen_by_version No symbol "chosen_by_version" in current context. (gdb) x/s e->chosen_by_version 0x4137323000000000: <error: Cannot access memory at address 0x4137323000000000> ---
and here is my state file in case it matters:
--- EntryGuard jaures4 5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B DirCache EntryGuardAddedBy 5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B 0.2.5.12 2016-01-11 02:54:36 EntryGuard SGGSUK4 38F423A4320380FFE32DB60B72E7457CD6E3F096 DirCache EntryGuardAddedBy 38F423A4320380FFE32DB60B72E7457CD6E3F096 0.2.5.12 2016-01-25 08:20:31 EntryGuard aTomicRelayFR1 25EF027A85BAA044048AD1D635AF8583DB88C08F DirCache EntryGuardAddedBy 25EF027A85BAA044048AD1D635AF8583DB88C08F 0.2.5.12 2016-02-06 01:04:20 TorVersion Tor 0.2.5.12 (git-3731dd5c3071dcba) LastWritten 2016-02-07 18:18:11 ---
Hi,
Just some update, We fixed this chosen_by_version SIGSEGV error, And Tania is working on removing XXX comments.
Will keep u updated when we close more issues.
Cheers, Fan
On Fri, Apr 22, 2016 at 9:14 AM, George Kadianakis desnacked@riseup.net wrote:
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] 2016年4月22日 上午4:54,"George Kadianakis" desnacked@riseup.net写道:
Fan Jiang fanjiang@thoughtworks.com writes:
[ text/plain ] On Thu, Apr 21, 2016 at 4:32 AM, George Kadianakis <
desnacked@riseup.net
wrote:
<snip>
It seems like we come to a point that most of prop259 can be stable for a while, we are going to do some cleanup in this implementation and spec. I think next week we can ask more people to review, does that sounds OK?
Sounds good!
BTW, About your segmentfault I couldn't reproduce, maybe related with
your
torrc/state file?
I think it's some sort of dangling pointer error. e->chosen_by_version seems to be referring to a corrupted memory address.
Not sure if it's caused by my state file, but in general the prop259 branch should work well with any old state file without crashing.
Here is some gdb output from the segfault:
Apr 22 17:08:21.161 [notice] Tor v0.2.8.1-alpha-dev (git-d7ed996b2aba9f10) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1k and Zlib 1.2.8. Apr 22 17:08:21.161 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Apr 22 17:08:21.161 [notice] This version is not a stable Tor release. Expect more bugs than usual. Apr 22 17:08:21.161 [notice] Read configuration file "/home/f/Computers/tor/mytor/../confs/prop259". Apr 22 17:08:21.164 [notice] Opening Socks listener on 127.0.0.1:9999
Program received signal SIGSEGV, Segmentation fault. __strchr_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32 32 ../sysdeps/x86_64/multiarch/../strchr.S: No such file or directory. (gdb) up #1 0x000055555567eb25 in guards_update_state (next=0x5555559c3f40, next@entry=0x5555559c35e8, guards=guards@entry=0x5555559c4620, config_name=config_name@entry=0x55555570c3be "UsedGuard") at src/or/prop259.c:1155 1155 !strchr(e->chosen_by_version, ' ')) { (gdb) p/x e $1 = 0x5555559c42d0 (gdb) p/x e->chosen_by_version $2 = 0x4137323000000000 (gdb) x/s chosen_by_version No symbol "chosen_by_version" in current context. (gdb) x/s e->chosen_by_version 0x4137323000000000: <error: Cannot access memory at address 0x4137323000000000>
and here is my state file in case it matters:
EntryGuard jaures4 5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B DirCache EntryGuardAddedBy 5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B 0.2.5.12 2016-01-11 02:54:36 EntryGuard SGGSUK4 38F423A4320380FFE32DB60B72E7457CD6E3F096 DirCache EntryGuardAddedBy 38F423A4320380FFE32DB60B72E7457CD6E3F096 0.2.5.12 2016-01-25 08:20:31 EntryGuard aTomicRelayFR1 25EF027A85BAA044048AD1D635AF8583DB88C08F DirCache EntryGuardAddedBy 25EF027A85BAA044048AD1D635AF8583DB88C08F 0.2.5.12 2016-02-06 01:04:20 TorVersion Tor 0.2.5.12 (git-3731dd5c3071dcba) LastWritten 2016-02-07 18:18:11
-
Fan Jiang -
George Kadianakis