How to get correct tor status

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi,

I configured the tor client on the router and it worked very well. Now I need to make a simple UI for it where the user can configure and view the status.
I have no way to get the status of the connection to tor, I can get the following log

Nov 04 09:11:24.000 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) opening new log file.
Nov 04 09:11:53.000 [notice] {CONTROL} Bootstrapped 0%: Starting
Nov 04 09:12:27.000 [notice] {CONTROL} Bootstrapped 80%: Connecting to the Tor network
Nov 04 09:15:16.000 [notice] {CONTROL} Bootstrapped 85%: Finishing handshake with first hop
Nov 04 09:15:17.000 [notice] {CONTROL} Bootstrapped 90%: Establishing a Tor circuit
Nov 04 09:15:18.000 [notice] {CONTROL} Bootstrapped 100%: Done

But this is not reliable, because my network will be disconnected at any time, the corresponding log will not be updated effectively, I will get an error status.

Through https://check.torproject.org/ access to the state is reliable, but I don't want to use this way, because he will consume my data traffic.

Is there any other way I can get to the right state?

Thanks.

2

You can use the local Tor Control API on port 9051 to get that information (and a lot more).
Typically something like calling AUTHENTICATE and GETINFO network-liveness will give you something similar to the log content you're seeing in syslog.

Documentation here: Control Specs

1 Like
3

Thank you very much. I think it will solve my problem.

4

Hi @VincentR

I got the status through network-related liveness, but I found that it is not real-time. Sometimes, it takes more than ten minutes to update.

~FTFF%7DI~B%7BN7O%24WJ%405A03TE
~FTFF}I~B{N7O$WJ@5A03TE.png387×574 4.76 KB

I tried to find some useful configuration here, but didn't get what I wanted.
Is there any way to make this state real time?

Thanks.

5

It's as "real-time" as you're going to get it from my experience. It is a view as to the actual status within the Tor process. All the network connection/reconnection is handled inside Tor which means it takes up to a couple of minutes for the process to realise that it is no longer connected to the Tor network.You could build additional logic on your own if you want to attempt to preempt disconnection - for example, you could assume that if the main internet connection is gone, Tor is as good as disconnected (aka will change to disconnected over the next while).

1 Like
6 
nslookup example.org 127.0.0.1#9053 &> /dev/null && echo OK || echo FAIL

I'm not sure how you have configured it, but it is simple for me: I can access the Intenet when it works, otherwise I can't.

1 Like
7

cat /tmp/lib/tor/state

2 Likes
8

Hi,

There's a lot of information in this file, but what criteria do I use to determine if tor is connected correctly?
Maybe this is a very rookie problem, hope to get some help.

# Tor state file last generated on 2019-11-06 07:59:03 local time
# Other times below are in UTC
# You *do not* need to edit this file.

Guard in=default rsa_id=935F589545B8A271A722E330445BB99F67DBB058 nickname=Multivac0 sampled_on=2019-11-02T21:14:11 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=509EAB4C5D10C9A9A24B4EA0CE402C047A2D64E6 nickname=zwiebeltoralf2 sampled_on=2019-10-29T20:25:46 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=F381D6294A93A0078B76D0DCA332133CF5C8F687 nickname=hoFFy sampled_on=2019-10-25T16:04:55 sampled_by=0.3.2.10 listed=1 confirmed_on=2019-10-30T22:06:02 confirmed_idx=1 pb_circ_attempts=1.000000 pb_timeouts=9.000000
Guard in=default rsa_id=1AAD015F4D885413A2BCE0E58159116901236C49 nickname=Unnamed sampled_on=2019-10-27T10:13:57 sampled_by=0.3.2.10 listed=1 confirmed_on=2019-11-01T20:32:16 confirmed_idx=0 pb_circ_attempts=30.000000 pb_circ_successes=29.000000 pb_successful_circuits_closed=29.000000 pb_timeouts=16.000000
Guard in=default rsa_id=003BFA1B6CC5CBEFD5D0082F8FC9AF2A8868A8FB nickname=xX0seamus0Xx sampled_on=2019-10-26T16:54:08 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=204DFB522C669764D1DB880ACF2CB16AA8CC9881 nickname=WISLA sampled_on=2019-10-27T16:00:03 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=FF9FC6D130FA26AE3AE8B23688691DC419F0F22E nickname=angeltest3 sampled_on=2019-10-26T16:42:43 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=5DB9AE27A44EB7B476CC04A66C67A71C97A001E6 nickname=Chenjesu sampled_on=2019-11-03T17:19:27 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=25BB5182DE68DA6FC1BEE2C8A63454369587E95F nickname=freudianpopsicle sampled_on=2019-11-04T21:54:56 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=7A1E55BF6301C8F9FF9677F6B07D04C0A6327667 nickname=framboise sampled_on=2019-10-25T19:24:37 sampled_by=0.3.2.10 listed=1 confirmed_on=2019-10-29T09:52:48 confirmed_idx=2 pb_circ_attempts=78.000000 pb_circ_successes=76.000000 pb_successful_circuits_closed=76.000000 pb_timeouts=2.000000
Guard in=default rsa_id=DD0C8EEC5CA402A9FA4478F10C31A440F71F6885 nickname=chaosDelroth sampled_on=2019-11-03T20:01:13 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=F5746F6257DFE87E3A90753C2A0439926C55552F nickname=Hijnn sampled_on=2019-11-01T23:15:58 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=B00B6BA943600447CF72D58DB7A35B16754E43C8 nickname=MyTorNode sampled_on=2019-10-29T04:58:11 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=0ED0EA324C931CF41CB5272BFB1D015B3D5772A9 nickname=TOR2DFNrelB sampled_on=2019-10-30T05:32:06 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=361D33C96D0F161275EE67E2C91EE10B276E778B nickname=cxx4freedom sampled_on=2019-10-26T08:43:23 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=1AFF59F9B2579D78284EF7173A183F34086D4B56 nickname=BlackBox sampled_on=2019-10-27T23:25:10 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=80AAF8D5956A43C197104CEF2550CD42D165C6FB nickname=mdfnet2 sampled_on=2019-10-25T23:43:23 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=6FF440DFB1D0697B942357D747900CC308DD57CC nickname=atlantis sampled_on=2019-11-02T22:06:16 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=41E041EC676622FFEE59F56BC75B99CD0D47F653 nickname=hyp3rion sampled_on=2019-11-03T22:32:39 sampled_by=0.3.2.10 listed=1
Guard in=default rsa_id=B25427A8F4A485E03EDA31757AB1C33DBE587428 nickname=DefinitelyNotTheFBI sampled_on=2019-10-27T16:15:50 sampled_by=0.3.2.10 listed=1
TorVersion Tor 0.3.2.10 (git-31cc63deb69db819)
LastWritten 2019-11-06 07:59:03
TotalBuildTimes 105
CircuitBuildTimeBin 1125 1
CircuitBuildTimeBin 1175 1
CircuitBuildTimeBin 1275 3
CircuitBuildTimeBin 1325 3
CircuitBuildTimeBin 1375 13
CircuitBuildTimeBin 1425 8
CircuitBuildTimeBin 1475 10
CircuitBuildTimeBin 1525 7
CircuitBuildTimeBin 1575 5
CircuitBuildTimeBin 1625 5
CircuitBuildTimeBin 1675 5
CircuitBuildTimeBin 1725 6
CircuitBuildTimeBin 1775 3
CircuitBuildTimeBin 1825 5
CircuitBuildTimeBin 1875 2
CircuitBuildTimeBin 1925 3
CircuitBuildTimeBin 1975 4
CircuitBuildTimeBin 2025 2
CircuitBuildTimeBin 2075 1
CircuitBuildTimeBin 2125 1
CircuitBuildTimeBin 2275 1
CircuitBuildTimeBin 2375 1
CircuitBuildTimeBin 2425 1
CircuitBuildTimeBin 2675 1
CircuitBuildTimeBin 2725 1
CircuitBuildTimeBin 2825 1
CircuitBuildTimeBin 2875 1
CircuitBuildTimeBin 3175 1
CircuitBuildTimeBin 3225 2
CircuitBuildTimeBin 3275 1
CircuitBuildTimeBin 3325 1
CircuitBuildTimeBin 11375 1
CircuitBuildTimeBin 12175 1
CircuitBuildTimeBin 12325 1
CircuitBuildTimeBin 14125 1
CircuitBuildTimeBin 14875 1
9

Personally, I'd test if Tor is working from a web browser or other kind of client (as you did); but in relation to the state file's contents, see:

Also, your log said that Tor was connected, so I'm not sure why you're still trying to determine that. What do you mean by "network disconnected"?

I surmise you understand that - if your WAN goes down, so would Tor.

Also see: https://2019.www.torproject.org/docs/faq.html.en#EntryGuards

3 Likes
10

I think OP is trying to detect the situation when the device has no internet at all (and TOR is obviously not functioning), but TOR insists that "everything is all right".

In this situation, I will probably script a periodic wget/curl execution to test that an external page can be reached.

2 Likes
11

The OP could also use the control port, see:

user@machine:~$ telnet 192.168.xxx.xxx 9051
Trying 192.168.xxx.xxx...
Connected to 192.168.xxx.xxx.
Escape character is '^]'.
AUTHENTICATE "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
250 OK
getinfo circuit-status
250+circuit-status=
1 BUILT $2687FFBD548BD3E6F4E80F97E3AECE274DC73487~TorRelay38W9CB46,$B9233588917C5F6B7DA771118707090591BC4C87~456f,$2CAEC55A7854FE3CB37BE80328086FDF89E082C4~geri BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2019-11-06T15:51:07.867653
5 BUILT $2687FFBD548BD3E6F4E80F97E3AECE274DC73487~TorRelay38W9CB46,$FCE1BE2C7698FAAF2E4889D9407E682316E65F78~TorDEFalkenstein1,$B411027C926A9BFFCF7DA91E3CAF1856A321EFFD~pulsetor BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=GENERAL TIME_CREATED=2019-11-06T15:51:11.911013
3 BUILT $2687FFBD548BD3E6F4E80F97E3AECE274DC73487~TorRelay38W9CB46,$F9674F45A25CAA977E7B872807E0A070C121F5FA~Aloha,$ED3ACBBB89C5F1597A44A65D2FA203BDB8E208F2~Isoalliin BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=GENERAL TIME_CREATED=2019-11-06T15:51:09.888457
4 BUILT $2687FFBD548BD3E6F4E80F97E3AECE274DC73487~TorRelay38W9CB46,$AFF320BA96E4338B61A008D2CA250FFE0E23B09C~Unnamed,$BD552C165E2ED2887D3F1CCE9CFF155DDA2D86E6~Schakalium BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=GENERAL TIME_CREATED=2019-11-06T15:51:10.899466
6 BUILT $2687FFBD548BD3E6F4E80F97E3AECE274DC73487~TorRelay38W9CB46,$48B4F7EE8E1F87EA544C9498FF463A6DDC3A4795~Unnamed,$5C96895227E42FD74B4B1445A9AE59BD9FF42879~Onions BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2019-11-06T15:57:30.296480
.
250 OK
getinfo stream-status
250-stream-status=
250 OK
^]
telnet> quit
Connection closed.

You must set a HashedControlPassword to authenticate.

2 Likes
12

I tried to get the status from port 9051, but it wasn't accurate.
Perhaps tor has no connected or disconnected status.
Anyway, thank you very much for your advice.

13

It's still not clear:

  • How exactly do you want to utilize the status information?
  • Why the current methods are not reliable/accurate enough in your case?

Depending on it, we can try to find a better solution.

1 Like
14

I have a device that I need to use an icon on the LCD to indicate whether the router provides tor service, and it only has two states is UP or DOWN.
SZ0%7B6D%24%5DI)GKXVM(EGLO_%60J

My device using LTE data, so I don't want to request network ways to obtain state, such as through https://check.torproject.org/ , this will consume my data traffic, and is likely to data leakage.

@VincentR gave me some great suggestions, but the state I picked up from network socket is not a real-time state. Sometimes it takes more than ten minutes to update.
Maybe it takes this long for a status update, but I want it to be faster.

I can get some information through /tmp/lib/tor/state. There is a lot of information here, but it is not what I want. I only need two states, UP or DOWN

Thanks again to the community for their help.

1 Like
15

Maybe you could have some logic as follow:

  • when both tor and your internet interface(s) say "up" - consider your service is "up"
  • if either tor or your internet interface(s) say "down" - consider your service is "down"
  • reload/restart tor when your internet interface(s) comes back up to force a re-initialisation of the tor connections and state
  • potentially stop tor when the internet interface(s) is not up anyway (typically the latest working configuration stays cached to speed things up when it restarts). Otherwise, tor can use quite a lot of resources (eg. CPU) when attempting to reconnect.
1 Like
16

You do understand that - there's no such thing as "Tor up" or "Tor down", correct?
It's distributed.

See:

Starting at 3 min 30 secs:

Therefore, if you have valid Guard in list with their valid key hashes, you are "connected". You can search and validate these hashes (or the server nickname) here: https://metrics.torproject.org/rs.html#search (BTW, here's the link to the Metrics .onion page, and other TorProject sites: https://onion.torproject.org/)

  • Is this an OpenWrt device!?!?
  • If not, how does it use OpenWrt to connect to Tor?
  • Are you 100% sure that you have an OpenWrt running Tor?
  • What is the make/model of your device?

I find that nearly impossible.

You're saying:

  • You've seen the status information; and
  • You know it to be inaccurate...

How?

Please verify you're connected to the correct Tor instance on OpenWrt; and not an instance running on your laptop/PC for example. Also make sure you're not running nested Tor (e.g. on your LTE modem and OpenWrt too). I'm not sure how your modem sees Tor (or was programmed to check) if the device doesn't have it installed already. Also, I wouldn't trust anything with closed course firmware from a Chinese agency to run Tor (or check an .onion) for me.

This doesn't obtain a state, it makes a virtual circuit and uses Tor to reach the website. I think you confuse that green onion on the web page for "Up" - when you should be verifying connectivity to your current guard nodes.

1 Like
17

Thank you for your detailed and patient reply.

Yes, I already know that tor is a distributed system.

Yes, my device is now using openwrt-1806 and I notice that openwrt-1907-rc1 has been released and I will soon upgrade the firmware.

I'm pretty sure I connected to the correct instance of tor, probably due to the special network environment in China.

You answered my last question. I've been trying to understand how this site works, but it turns out I was wrong in the first place.

@lleachii @VincentR Thank you very much for your time

2 Likes
18

No problem...and BTW, I did more searching:

From the control port:

GETINFO network-liveness
250-network-liveness=up
250 OK

"network-liveness"
  The string "up" or "down", indicating whether we currently believe the
  network is reachable.

Hope this helps.

19

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.