signaling newnym and reloading torrc #62

Closed
nyxnor opened this issue Jun 15, 2021 · 5 comments
nyxnor (Contributor) commented Jun 15, 2021

There are many ways to signal newnym.
new_ident.sh requires a password; this can be cut off (using stem will ask for a password, using tor-prompt won't AFAIK; even though I find this strange, my tests turned out this way).

NEWNYM

sudo -u debian-tor tor-prompt --run 'SIGNAL NEWNYM'

-i 9051 does not need to be mentioned if using the default port.

Also possible to call using stem

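import getpass

from stem import Signal
from stem.control import Controller

# Prompt for the control-port password instead of hard-coding it.
password = getpass.getpass("Tor control password: ")

with Controller.from_port(port=9051) as controller:
    controller.authenticate(password=password)
    controller.signal(Signal.NEWNYM)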

HUP

Also, restarting tor just because of editing torrc should not be done, for the sake of time. There should be an option to restart Tor of course, but just when necessary.

sudo -u debian-tor tor-prompt --run 'SIGNAL HUP'

or (this option below does not let you choose ControlPort)

sudo pkill -sighup tor

Also possible to call using stem

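import getpass

from stem import Signal
from stem.control import Controller

# Prompt for the control-port password instead of hard-coding it.
password = getpass.getpass("Tor control password: ")

with Controller.from_port(port=9051) as controller:
    controller.authenticate(password=password)
    controller.signal(Signal.HUP)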

Source:

nyxnor changed the title from "signaling newnym" to "signaling newnym and reloading torrc" Jun 15, 2021

nyxnor (Contributor, Author) commented Jul 7, 2021

Restart should still be a menu entry, but giving the option to just HUP helps too.
Using restarting_tor and including a force option to make sure to restart when required:

# restarting_tor(<source script> <force>)
# Used predefined variables: RED, NOCOLOR
# This function restarts Tor if required with 'force', else it will just sighup.
restarting_tor()
{
  SOURCE_SCRIPT=$1
  ACTION=$2
  if [ "${ACTION}" == "force" ]; then
    echo -e "${RED}[+] Restarting tor!${NOCOLOR}"
    sudo systemctl restart tor &
    echo -e "${RED}[+] DONE! Checking progress - please be patient!${NOCOLOR}"
    echo -e "    Ignore any error messages, just wait..."
    echo -e "    At the end, you should see \"Bootstrapped 100%: Done\"."
  else
    echo -e "${RED}[+] Sending HUP signal to tor!${NOCOLOR}"
    sudo pkill -sighup tor &
    echo -e "${RED}[+] DONE! Checking progress - please be patient!${NOCOLOR}"
    echo -e "    Ignore any error messages, just wait..."
  fi
  echo -e "    You can leave the progress report with CTRL-C."
  echo ""
  sleep 2
  # Quote the path so it reaches bash as one argument and is not re-parsed by the shell.
  trap 'bash "$SOURCE_SCRIPT"; exit 0' SIGINT
  sudo tail -f -n 0 /var/log/tor/notices.log
}

radio24 (Owner) commented Jul 14, 2021

With commit dbd551c, the new_ident script is replaced by sudo -u debian-tor tor-prompt --run 'SIGNAL NEWNYM'

radio24 (Owner) commented Jul 15, 2021

Regarding the proposal to HUP tor instead of restarting it, I did a few tests during the last few days. So far, I don't see a significant advantage in distinguishing between a "real" restart and a "reload" of the configuration. On the contrary, the HUP variant gives less information about reloading. Also, I think that with restarting tor, I'm on the safer side, even if it needs more time on some occasions.

radio24 removed the Follow label Jul 15, 2021

nyxnor (Contributor, Author) commented Jul 15, 2021

> I don't see a significant advantage in distinguishing between a "real" restart and a "reload" of the configuration.

Did you test with bridges? With bridges it makes a significant difference because they take more time to bootstrap when restarting, and there is no need to do so when reloading.

> On the contrary, the HUP variant gives less information about reloading.

It gives the necessary info about what it does: reading the config files and data dir.

> I'm on the safer side,

Also, to be on the safer side there is
sudo systemctl reload-or-restart; it will reload the service if it is active, and if it has failed or is stopped it will restart it.

  • Plus I do recommend leaving both options. Restart and Reload, but only restart when choosing that option on the menu, else when editing the torrc, just reload.

radio24 (Owner) commented Jul 15, 2021

> > I don't see a significant advantage in distinguishing between a "real" restart and a "reload" of the configuration.

> Did you test with bridges? With bridges it makes a significant difference because they take more time to bootstrap when restarting, and there is no need to do so when reloading.

Yes, I tested it with OBFS4 bridges but ran into problems. It didn't seem to work, but I couldn't follow the log because of the reduced log entries. When I restarted tor with the same configuration, I had no problem, and I could follow the log entries if the bridge is used correctly. So, I thought that maybe HUP will not work with OBFS4 bridges.
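
An added example, not part of this thread or of the project's code: one way to reload Tor with `reload-or-restart` and still get an explicit result out of the log, which is the concern raised about HUP above. The helper names, the `TORRC`/`TOR_LOG`/`WAIT_SECONDS` defaults and the sample log lines are assumptions constructed for illustration; the patterns matched are the reload notice Tor logs on HUP and the "Bootstrapped 100%" line mentioned earlier.

```shell
#!/bin/bash
# Added example: helper names and defaults are assumptions, not the project's code.
TORRC="${TORRC:-/etc/tor/torrc}"
TOR_LOG="${TOR_LOG:-/var/log/tor/notices.log}"

# Constructed sample of what notices.log might contain after a HUP.
SAMPLE_RELOAD_LOG='Jul 15 10:00:01.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jul 15 10:00:01.000 [notice] Read configuration file "/etc/tor/torrc".'

# classify_reload: read log lines on stdin, print one word describing the outcome.
classify_reload() {
  awk '
    /Received reload signal \(hup\)/ { hup = 1 }
    /Bootstrapped 100%/              { boot = 1 }
    /\[(warn|err)\]/                 { bad = 1 }
    END {
      if (bad)       print "problems"
      else if (hup)  print "reloaded"
      else if (boot) print "restarted"
      else           print "unknown"
    }'
}

# reload_tor_checked: validate torrc first, reload (or restart if tor is not
# running), then classify only the log lines written after the signal.
reload_tor_checked() {
  if ! sudo -u debian-tor tor --verify-config -f "$TORRC" >/dev/null; then
    echo "torrc failed validation, tor left untouched" >&2
    return 1
  fi
  before=$(sudo cat "$TOR_LOG" | wc -l)
  sudo systemctl reload-or-restart tor
  sleep "${WAIT_SECONDS:-5}"   # a full restart may need longer to bootstrap
  result=$(sudo tail -n "+$((before + 1))" "$TOR_LOG" | classify_reload)
  echo "$result"
  [ "$result" = "reloaded" ] || [ "$result" = "restarted" ]
}
```

Validating the torrc before signaling keeps a typo in the file from reaching the running tor, and a result of "problems" or "unknown" is the cue to fall back to a full restart and read the log.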

radio24 closed this as completed Jul 15, 2021