nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Note a vulnerability with our current recommended-version concensus

Browse Source 
building.

Make the warnings about invalid and unnamed nodes scale better, and
update the text of the warnings.

Change router_have_minimum_dir_info() to only be happy when it has
enough network-statuses ("more than half") to be willing to actually
build circuits.

Not yet done: when we fail to get a networkstatus that we wanted, and
!router_have_minimum_dir_info(), we should retry it quicker than a whole
minute from now.


svn:r6227
This commit is contained in:
Roger Dingledine 2006-03-22 06:22:12 +00:00
parent 51a3981d10
commit 0d7efbe65d
2 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/or/directory.c
View File

@ -1857,7 +1857,7 @@ dir_networkstatus_download_failed(smartlist_t *failed)
}); });
} }
/** Called when one or more networkstatus fetches have failed (with uppercase /** Called when one or more routerdesc fetches have failed (with uppercase
* fingerprints listed in <b>failed</>). */ * fingerprints listed in <b>failed</>). */
static void static void
dir_routerdesc_download_failed(smartlist_t *failed) dir_routerdesc_download_failed(smartlist_t *failed)

32
src/or/routerlist.c
View File

@ -2738,6 +2738,8 @@ compute_recommended_versions(time_t now, int client)
vers = client ? ns->client_versions : ns->server_versions; vers = client ? ns->client_versions : ns->server_versions;
if (!vers) if (!vers)
continue; continue;
/* XXX Attack: a single dirserver can make a version recommended
* by repeating it many times in his recommended list. -RD */
smartlist_split_string(combined, vers, ",", smartlist_split_string(combined, vers, ",",
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
}); });
@ -2809,22 +2811,18 @@ routers_update_all_from_networkstatus(void)
++n_named; ++n_named;
}); });
if (n_recent >= 2 && n_listing >= 2) { if (n_recent >= 2 && n_listing >= 2 &&
/* XXX When we have more than 3 dirservers, these warnings have_tried_downloading_all_statuses()) {
* might become spurious depending on which combination of
* network-statuses we have. Perhaps we should wait until we
* have tried all of them? -RD */
if (n_valid <= n_recent/2) { if (n_valid <= n_recent/2) {
log_warn(LD_GENERAL, log_warn(LD_GENERAL,
"%d/%d recent statements from directory authorities list us " "%d/%d recent statements from directory authorities list us "
"as invalid. Please " "as unapproved. Are you misconfigured?",
"consider sending your identity fingerprint to the tor-ops.",
n_recent-n_valid, n_recent); n_recent-n_valid, n_recent);
have_warned_about_invalid_status = 1; have_warned_about_invalid_status = 1;
} else if (!n_named && have_tried_downloading_all_statuses()) { } else if (n_naming && !n_named) {
log_warn(LD_GENERAL, "0/%d name-binding directory authorities " log_warn(LD_GENERAL, "0/%d name-binding directory authorities "
"recognize this server. Please consider sending your " "recognize your nickname. Please consider sending your "
"identity fingerprint to the tor-ops.", "nickname and identity fingerprint to the tor-ops.",
n_naming); n_naming);
have_warned_about_invalid_status = 1; have_warned_about_invalid_status = 1;
} }
@ -3591,7 +3589,7 @@ update_router_descriptor_cache_downloads(time_t now)
* - if d is a member of some downloadable[x], d is a member of some * - if d is a member of some downloadable[x], d is a member of some
* download_from[y]. (Everything we want to download, we try to download * download_from[y]. (Everything we want to download, we try to download
* from somebody.) * from somebody.)
* - If d is a mamber of download_from[y], d is a member of downloadable[y]. * - If d is a member of download_from[y], d is a member of downloadable[y].
* (We only try to download descriptors from authorities who claim to have * (We only try to download descriptors from authorities who claim to have
* them.) * them.)
* - No d is a member of download_from[x] and download_from[y] s.t. x != y. * - No d is a member of download_from[x] and download_from[y] s.t. x != y.
@ -3657,21 +3655,25 @@ update_router_descriptor_downloads(time_t now)
} }
/** Return true iff we have enough networkstatus and router information to /** Return true iff we have enough networkstatus and router information to
* start building circuits. Right now, this means "at least 2 networkstatus * start building circuits. Right now, this means "more than half the
* documents, and at least 1/4 of expected routers." */ * networkstatus documents, and at least 1/4 of expected routers." */
//XXX should consider whether we have enough exiting nodes here. //XXX should consider whether we have enough exiting nodes here.
int int
router_have_minimum_dir_info(void) router_have_minimum_dir_info(void)
{ {
int tot = 0, num_running = 0; int tot = 0, num_running = 0;
int n_ns, res, avg; int n_ns, n_authorities, res, avg;
static int have_enough = 0; static int have_enough = 0;
if (!networkstatus_list || !routerlist) { if (!networkstatus_list || !routerlist) {
res = 0; res = 0;
goto done; goto done;
} }
n_authorities = smartlist_len(trusted_dir_servers);
n_ns = smartlist_len(networkstatus_list); n_ns = smartlist_len(networkstatus_list);
if (n_ns<2) { if (n_ns<=n_authorities/2) {
log_info(LD_DIR,
"We have %d of %d network statuses, and we want "
"more than %d.", n_ns, n_authorities, n_authorities/2);
res = 0; res = 0;
goto done; goto done;
} }