Re: ExcludeNodes doesn't work right

[Robert Hogan]

On Thursday 30 April 2009 08:15:02 Scott Bennett wrote:
  About a day ago, I added a list of obsolete nodes, mostly running
 0.1.*.* releases, to my ExcludeNodes list in torrc.  One of those was
 TSL.  I still see TSL being chosen for routes for circuits.  I've
 noticed such apparent violations and commented upon them previously
 here.
  What I don't yet know is whether I might be misunderstanding what
 ExcludeNodes is supposed to do, based upon my understanding of the tor
 man page, which says,

 ExcludeNodes node,node,...
A  list  of  identity fingerprints, nicknames, country codes and
address patterns of nodes to never use when building a  circuit.
(Example:  ExcludeNodes SlowServer, $ABCDEFFF, {cc},
255.254.0.0/8)

 It seems to me that as soon as I send tor a SIGHUP after adding a node
 to ExcludeNodes in torrc, tor ought to begin excluding it from future
 path selections and ought also to remove it from its list of chosen
 entry guards if it is in that list.  If my understanding of what
 ExcludeNodes is supposed to do is incorrect, I'd very much appreciate
 someone letting me know and also some advice as to how to accomplish
 real, immediate exclusion of the node from any new circuits established
 by the client side of tor.

ExcludeNodes isn't respected by tor when building circuits for 'internal' 
use, e.g. directory updates. If you can confirm that the nodes are being 
chosen for circuits that are for the user's use then that would indicate a 
problem.

I think the best way of tracking it would be to do:

telnet localhost 9051
authenticate
setevents extended circ stream
set excludenodes={your exclude nodes}

then watch/log the output. if you see 'purpose=general' against a stream on 
a circuit containing an excluded route created after you set the 
excludenodes then there may be a problem worth investigating. You could 
post the suspect output here.




  Thanks for any information on this matter.


   Scott Bennett, Comm. ASMELG, CFIAG
 **
 * Internet:   bennett at cs.niu.edu  *
 **
 * A well regulated and disciplined militia, is at all times a good  *
 * objection to the introduction of that bane of all free governments *
 * -- a standing army.   *
 *-- Gov. John Hancock, New York Journal, 28 January 1790 *
 **




signature.asc
Description: This is a digitally signed message part.

ExcludeNodes doesn't work right

[Scott Bennett]

 About a day ago, I added a list of obsolete nodes, mostly running 0.1.*.*
releases, to my ExcludeNodes list in torrc.  One of those was TSL.  I still
see TSL being chosen for routes for circuits.  I've noticed such apparent
violations and commented upon them previously here.
 What I don't yet know is whether I might be misunderstanding what
ExcludeNodes is supposed to do, based upon my understanding of the tor man
page, which says,

ExcludeNodes node,node,...
   A  list  of  identity fingerprints, nicknames, country codes and
   address patterns of nodes to never use when building a  circuit.
   (Example:  ExcludeNodes SlowServer, $ABCDEFFF, {cc},
   255.254.0.0/8)

It seems to me that as soon as I send tor a SIGHUP after adding a node to
ExcludeNodes in torrc, tor ought to begin excluding it from future path
selections and ought also to remove it from its list of chosen entry guards
if it is in that list.  If my understanding of what ExcludeNodes is supposed
to do is incorrect, I'd very much appreciate someone letting me know and also
some advice as to how to accomplish real, immediate exclusion of the node from
any new circuits established by the client side of tor.
 Thanks for any information on this matter.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army.   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**