rustybird / corridor

Tor traffic whitelisting gateway
ISC License

avoid DirPort 127.0.0.1:9030 #16

Open adrelanos opened 8 years ago

adrelanos commented 8 years ago

From the corridor readme... Quote:

You may want to add the line

DirPort 127.0.0.1:9030

to /etc/tor/torrc to always keep the relay list up to date, even when there's no local activity and tor would otherwise suspend itself.

This is quite bad, because of this:

From https://www.torproject.org/docs/tor-manual.html.en:

DirPort [address:]PORT|auto [flags]

If this option is nonzero, advertise the directory service on this port. Set it to "auto" to have Tor pick a port for you. This option can occur more than once, but only one advertised DirPort is supported: all but one DirPort must have the NoAdvertise flag set. (Default: 0)

The same flags are supported here as are supported by ORPort.

"advertise the directory" sounds scary. Even if only listening on localhost as the corridor instructions recommend, I would not be surprised if it is still advertised to the directories, due to some bug. It looks like a very uncommon way to use Tor, so I would not be surprised if this is entirely untested.

Perhaps as a short-term fix, the NoAdvertise flag should be set.

As a long-term fix, could you report a bug against Tor please? I would do it myself, but I do not really understand the issue you are trying to work around here. Or raise this issue on the tor-talk mailing list? Perhaps there is a better workaround. (Yes, asking on tor-talk can work; I recently got my questions quickly and exhaustively answered by Roger.)

rustybird commented 8 years ago

"advertise the directory" sounds scary.

True, but it doesn't actually happen unless an ORPort is also being advertised.

Perhaps as a short-term fix, the NoAdvertise flag should be set.

Done. Better not rely on undocumented behavior.

As a long-term fix, could you report a bug against Tor please? I would do it myself, but I do not really understand the issue you are trying to work around here. Or raise this issue on the tor-talk mailing list? Perhaps there is a better workaround.

It's not really a bug; tor just doesn't want to waste everyone's bandwidth by continuing to download consensus documents when nothing seems to use it. That is, IIRC, when it hasn't recently opened a general-purpose circuit, and it's not configured to download other consensus flavors (FetchUselessDescriptors 1), and it's not running as a server, then the consensus and thus corridor_relays will get stale. DirPort looked like the best way to prevent this; AFAICT its only side effect is a more aggressive retry schedule in case six attempts to download the consensus have already failed (don't be confused by the somewhat misleading Testing prefix):

https://gitweb.torproject.org/tor.git/tree/src/or/config.c?id=3ac434104af0a40e75bfb5116046eae1cd51f6d3#n477 https://gitweb.torproject.org/tor.git/tree/src/or/directory.c?id=3ac434104af0a40e75bfb5116046eae1cd51f6d3#n3732

Though it would be good to have a less invasive torrc option. I have to search again where exactly the conditions are evaluated in the source code, can't find it right now.

Setup cannot be as automatic as installing a package; it still requires manual /etc/tor/torrc edits. (And editing such files by using scripts is problematic for many reasons and usually forbidden by distribution policies.)

Add it to the endless list of things that https://trac.torproject.org/projects/tor/ticket/1922 would make easier, eh? But SETCONF in corridor-data should work too, will try this soon(ish).

rustybird commented 8 years ago

corridor uses SETCONF DirPort="127.0.0.1:9030 NoAdvertise" now. It's still a hack, so I'm leaving this issue open.
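As an added example (not corridor's own code), a small Python client for the Tor control port that issues the SETCONF line from the last comment and then audits what GETCONF reports back, checking the two points raised in this thread: the DirPort must be bound to loopback and must carry the NoAdvertise flag. The control port address (127.0.0.1:9051) and password-based AUTHENTICATE are assumptions; the audit functions also run offline on constructed values.

```python
import re
import socket

RECOMMENDED = "127.0.0.1:9030 NoAdvertise"   # the value corridor now sets via SETCONF
LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}

def audit_dirport(value):
    """Audit one DirPort value '[address:]PORT|auto [flags]'; [] means it matches corridor's setting."""
    target, *flags = value.split()
    address, port = target.rsplit(":", 1) if ":" in target else (None, target)
    if port == "0":                      # directory service disabled, nothing to advertise
        return []
    findings = []
    if "NoAdvertise" not in flags:
        findings.append("missing NoAdvertise: advertised if an ORPort is ever configured")
    if address not in LOOPBACK:          # Tor binds to all interfaces when no address is given
        findings.append("not bound to loopback: %s" % (address or "0.0.0.0"))
    return findings

def setconf_command(value=RECOMMENDED):
    """Build the SETCONF line; the quotes keep address, port and flag inside one value."""
    return 'SETCONF DirPort="%s"\r\n' % value

def parse_getconf(reply):
    """Collect DirPort values from a GETCONF reply ('250-DirPort=...' lines, final one '250 ')."""
    return [m.group(1).strip() for m in re.finditer(r"^250[- ]DirPort=(.*)$", reply, re.M)]

def control_roundtrip(sock, line):
    """Send one control command and return its full reply; raise on a non-250 final status."""
    sock.sendall(line.encode())
    reply = b""
    while not re.search(rb"^\d{3} [^\r\n]*\r\n\Z", reply, re.M):   # final status line uses a space
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("control port closed")
        reply += chunk
    text = reply.decode()
    if not text.splitlines()[-1].startswith("250"):
        raise RuntimeError(text.strip())
    return text

def apply_and_audit(password, host="127.0.0.1", port=9051):
    """Set the recommended DirPort over the control port and audit what Tor reports back."""
    with socket.create_connection((host, port)) as sock:
        control_roundtrip(sock, 'AUTHENTICATE "%s"\r\n' % password)   # assumes HashedControlPassword
        control_roundtrip(sock, setconf_command())
        reply = control_roundtrip(sock, "GETCONF DirPort\r\n")
    return {v: audit_dirport(v) for v in parse_getconf(reply)}
```

Running apply_and_audit against a live tor returns a mapping from each configured DirPort value to its findings; an empty list for "127.0.0.1:9030 NoAdvertise" confirms the setting took effect as intended.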