The Tor directory mirror implementation.
§Specifications
§Rationale
The network documents specified in the directory specification are a fundamental part of the Tor protocol: they are the means by which a canonical list of all relays in the Tor network is created and distributed. Every client thereby gets the same view of the whole network, which is essential for defending against partitioning attacks (where an adversary feeds different clients different relay lists in order to single them out) and related attacks on distributed networks.
These network documents are generated, signed, and served by so-called “directory authorities”, a set of about ten highly trusted Tor relays that, more or less, govern the entire Tor network.
Now here comes the bottleneck: Tor has millions of active daily users but only about ten relays responsible for these crucial documents. Having every client download from those few authorities would overload them, and could take the entire Tor network down if the traffic became so heavy that the authorities were no longer able to communicate and coordinate among themselves.
Fortunately, all network documents are signed, directly or indirectly, by the well-known keys of the directory authorities. That makes mirroring them trivial: a client establishes authenticity from the cryptographic signatures, not from the TLS connection it downloaded the document over, so it does not matter who served the bytes.
This is where directory mirrors come in handy. Directory mirrors (previously known as “directory caches”) are ordinary relays that mirror all network documents from the authorities by implementing the routes for the respective HTTP GET endpoints.
The network documents are usually served through ordinary Tor circuits, by accepting incoming connections through RELAY_BEGIN_DIR cells. In the past, some relays optionally opened an additional socket on the ordinary Internet at a dedicated SocketAddr, known as the “directory address”. Since about 2020, relays no longer do this. The functionality persists, however, and directory authorities continue to advertise their directory address, so this module is written to be largely agnostic about how it accepts such connections.
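The following is an added example, not code from this crate, sketching the two points made above: a mirror serves authority-signed documents verbatim from a cache keyed by GET path, and the serving code is written against `Read + Write` so the same function handles a stream opened via RELAY_BEGIN_DIR and a plain TCP socket on a directory address alike. The type and function names (`DirCache`, `serve_one`, `serve_in_memory`), the consensus bytes, and the `looks_signed` check are all assumptions for illustration; the only specification detail used is the consensus path `/tor/status-vote/current/consensus`. `looks_signed` merely looks for the `directory-signature` keyword and stands in for real verification of the authority signatures, which a mirror should do before caching anything.

```rust
use std::collections::HashMap;
use std::io::{self, BufRead, BufReader, Read, Write};

/// Documents the mirror is willing to serve, keyed by the exact GET path.
/// Bytes are stored verbatim: a mirror never rewrites or re-signs what the
/// authorities published, because clients verify the authority signatures
/// themselves and would reject anything modified.
pub struct DirCache {
    docs: HashMap<String, Vec<u8>>,
}

impl DirCache {
    pub fn new() -> Self {
        DirCache { docs: HashMap::new() }
    }

    /// Cache `body` under `path` only if `verify` accepts it. `verify` is the
    /// hook where a real mirror checks the authority signatures (assumption:
    /// that check lives in a separate document-parsing layer, not shown here).
    pub fn insert(&mut self, path: &str, body: Vec<u8>, verify: impl Fn(&[u8]) -> bool) -> bool {
        if !verify(&body) {
            return false;
        }
        self.docs.insert(path.to_string(), body);
        true
    }
}

/// Placeholder for signature verification (hypothetical): accepts a document
/// only if it carries a `directory-signature` line at all.
pub fn looks_signed(doc: &[u8]) -> bool {
    const MARKER: &[u8] = b"directory-signature";
    doc.windows(MARKER.len()).any(|w| w == MARKER)
}

fn respond<W: Write>(w: &mut W, status: &str, body: &[u8]) -> io::Result<()> {
    write!(w, "HTTP/1.0 {}\r\nContent-Length: {}\r\n\r\n", status, body.len())?;
    w.write_all(body)?;
    w.flush()
}

/// Serve one HTTP GET request over any byte stream and close it afterwards.
/// The stream may be a TCP socket bound to a directory address or a stream
/// opened by a RELAY_BEGIN_DIR cell; this function does not care which.
/// Lookups go only through the in-memory cache, never the filesystem, so a
/// hostile path such as `/../etc/passwd` can at most yield a 404.
pub fn serve_one<S: Read + Write>(stream: &mut S, cache: &DirCache) -> io::Result<()> {
    let line = {
        let mut reader = BufReader::new(&mut *stream);
        let mut line = String::new();
        reader.read_line(&mut line)?;
        line
    };
    let mut parts = line.split_whitespace();
    let (method, target, version) = match (parts.next(), parts.next(), parts.next()) {
        (Some(m), Some(t), Some(v)) if v.starts_with("HTTP/") => (m, t, v),
        _ => return respond(stream, "400 Bad Request", &[]),
    };
    let _ = version;
    if method != "GET" {
        return respond(stream, "405 Method Not Allowed", &[]);
    }
    match cache.docs.get(target) {
        Some(doc) => respond(stream, "200 OK", doc),
        None => respond(stream, "404 Not Found", &[]),
    }
}

/// Run `serve_one` against an in-memory stream and return the raw response,
/// which is how the transport-agnostic design gets exercised without sockets.
pub fn serve_in_memory(request: &str, cache: &DirCache) -> String {
    struct MemStream { input: io::Cursor<Vec<u8>>, output: Vec<u8> }
    impl Read for MemStream {
        fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { self.input.read(buf) }
    }
    impl Write for MemStream {
        fn write(&mut self, buf: &[u8]) -> io::Result<usize> { self.output.write(buf) }
        fn flush(&mut self) -> io::Result<()> { Ok(()) }
    }
    let mut s = MemStream { input: io::Cursor::new(request.as_bytes().to_vec()), output: Vec::new() };
    serve_one(&mut s, cache).expect("in-memory stream cannot fail");
    String::from_utf8_lossy(&s.output).into_owned()
}

fn main() {
    let mut cache = DirCache::new();
    // Constructed stand-in for a consensus, not a real network document.
    let consensus = b"network-status-version 3\ndirectory-signature ...\n".to_vec();
    cache.insert("/tor/status-vote/current/consensus", consensus, looks_signed);
    print!("{}", serve_in_memory("GET /tor/status-vote/current/consensus HTTP/1.0\r\n\r\n", &cache));
}
```

Because every document reaches the cache only through `insert`, and only after the verification hook accepted it, the serving path has nothing to verify and can stay a dumb byte pump; that separation is what lets the same code sit behind either kind of connection.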
Structs§
- DirMirror
- Core data type of a directory mirror.