NullHypothesis / exitmap

A fast and modular scanner for Tor exit relays. The canonical repository (including issue tracker) is at https://gitlab.torproject.org/tpo/network-health/exitmap
https://www.cs.kau.se/philwint/spoiled_onions/
GNU General Public License v3.0

[Bug] Check server timeout / Exit node timeout leading to false negative #38

Closed codarrenvelvindron closed 8 years ago

codarrenvelvindron commented 8 years ago

Hi,

2016-01-09 14:38:44,700 [ERROR]: Found false negative for https://atlas.torproject.org/#details/816CBF7FCF565F87195C6618FB2FAF8AE71B99F4. Desc addr is 120.56.163.114 and check addr is 120.56.163.114.

Ran a checktest and got a hit, but the desc addr and check addr were the same.

I think there is an issue.

Currently digging further.

codarrenvelvindron commented 8 years ago

Yet another hit! 2016-01-09 15:37:44,711 [ERROR]: Found false negative for https://atlas.torproject.org/#details/06D7B21EE71E3903BCF344A8E2E331C7F534164C. Desc addr is 36.55.228.145 and check addr is 36.55.228.145.

codarrenvelvindron commented 8 years ago

Seems to come from the list of relays:

The check for exitmap works correctly. The issue comes from Atlas, marking an IP as being invalid [false] when in fact it is valid and should return [true].

2016-01-09 18:33:06,686 [ERROR]: Found false negative for https://atlas.torproject.org/#details/3DFD5C51D75D753C94E7CE7AFAE4D157B6000782. Desc addr is 178.65.169.217 and check addr is 178.65.169.217.

codarrenvelvindron commented 8 years ago

Hello Nullhypothesis,

Checked the IsTor response. IsTor has 3 responses: is a Tor exit, is not a Tor exit, and a timeout.

Found the documentation on tor exits: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList


```php
$istor = torel_check($ip, $myport, $myip);

// use $istor as needed for altering page behavior:
if ($istor < 0) {
    // DNS query failed to get an answer
} elseif ($istor) {
    // Endpoint is a known Tor exit
} else {
    // Endpoint does not appear to be a Tor exit
}
```


Can we insert a check for the case where both IPs match but the node is returning false? Then it would make the request a few more times to eliminate the possibility of erroneous false negatives.

Because it seems a timeout is returning false when in fact the node is valid... when I would launch checktest again, it detects the previously erroneous node as valid again.

NullHypothesis commented 8 years ago

Ran a checktest and got a hit, but the desc addr and check addr were the same.

Note that this doesn't really matter. The purpose of the module is to find exit relays that check.torproject.org doesn't recognise as relays. If they happen to have the same descriptor and check address, so be it. As a result, I think this is actually a bug in the check service and not in this module, right?

Also, I think you are referencing the wrong source code repository. For the JSON structure of the check API, have a look at: https://gitweb.torproject.org/check.git/tree/handlers.go#n103 The IsTor variable is boolean.

codarrenvelvindron commented 8 years ago

Nullhypothesis,

Thanks so much for the correct repository! I agree with what you said. I do apologize for being unclear at best with my previous response. (very sleepy yesterday)

The way I see it is that there are 3 cases:

  1. Same Desc + Different address = False Negative ==> Correct
  2. Same Desc + Same Address = Valid node (check server returning true) ==> Correct
  3. Same Desc + Same Address = Valid node (check server returning false - due to timeout or whatever server failure) ==> Incorrect

The 3rd case is the one of interest to us. So, in the case of the same descriptor and the same address yielding a false response, my proposed solutions are:

  1. Output a more descriptive response: (Node is a false positive or possible server/Exit node timeout) OR
  2. Perform a double check on the node. If we get a false answer again --> it's a confirmed False Negative. If we get a true answer this time --> it's a valid node.

Regards, Codarren
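The three-case split and the retry proposal above, as an added example in Python (exitmap's language); this is not code from exitmap or from the check service. `query` stands for one request to the check API through the exit under test, and the reply shape with an `IP` key beside the boolean `IsTor` is an assumption.

```python
from typing import Callable, Dict, Iterator, Tuple

# Assumed reply shape from the check API: {"IsTor": bool, "IP": "a.b.c.d"}
# (IsTor is boolean per the thread; the "IP" key name is an assumption here).
Response = Dict[str, object]

# Verdicts mirroring the three cases discussed above, plus the timeout case.
VALID = "valid"                                          # case 2: check recognised the exit
FALSE_NEGATIVE = "false negative"                        # case 1: IsTor false, different address
CONFIRMED_FALSE_NEGATIVE = "confirmed false negative"    # case 3 still false after retries
TIMEOUT = "possible check server / exit node timeout"    # no answer on any attempt


def classify(desc_addr: str, resp: Response) -> str:
    """Case-split a single check reply against the relay's descriptor address."""
    if resp["IsTor"]:
        return VALID
    if resp["IP"] != desc_addr:
        return FALSE_NEGATIVE
    return CONFIRMED_FALSE_NEGATIVE  # same address but IsTor false: ambiguous, caller retries


def check_exit(desc_addr: str, query: Callable[[], Response],
               retries: int = 2) -> Tuple[str, int]:
    """Run query() (one request through the exit) up to 1 + retries times.

    Cases 1 and 2 are conclusive on the first reply; only the ambiguous case 3
    and transport failures are retried. Returns (verdict, attempts made).
    """
    attempts, verdict = 0, TIMEOUT
    while attempts <= retries:
        attempts += 1
        try:
            resp = query()
        except OSError:                  # socket.timeout is an OSError subclass
            verdict = TIMEOUT            # no answer: never report this as a false negative
            continue
        verdict = classify(desc_addr, resp)
        if verdict != CONFIRMED_FALSE_NEGATIVE:
            return verdict, attempts
    return verdict, attempts


def scripted(replies: Iterator) -> Callable[[], Response]:
    """Constructed stand-in for the real request: hands out canned replies or raises."""
    def query() -> Response:
        item = next(replies)
        if isinstance(item, Exception):
            raise item
        return item
    return query
```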

codarrenvelvindron commented 8 years ago

Upon close reading of the code, I believe the issue is somewhere else. Therefore, I am closing this ticket.

NullHypothesis commented 8 years ago

Yes, I think so too. Thanks, and let me know once you've figured it out.