mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 13:53:31 +01:00
New config option V2AuthoritativeDirectory that all directory
authorities should set. This will let future authorities choose not to serve V2 directory information. Also, go through and revamp all the authdir_mode stuff so it tries to do the right thing if you're an auth but not a V1 or V2 auth. svn:r10092
This commit is contained in:
parent
87c19c0c49
commit
1b95bbdba6
@ -66,6 +66,9 @@ Changes in version 0.2.0.1-alpha - 2007-??-??
|
||||
- Directory authorities allow multiple router descriptors and/or extra
|
||||
info documents to be uploaded in a single go. This will make
|
||||
implementing proposal 104 simpler.
|
||||
- New config option V2AuthoritativeDirectory that all directory
|
||||
authorities should set. This will let future authorities choose
|
||||
not to serve V2 directory information.
|
||||
|
||||
o Minor features (controller):
|
||||
- Add a new config option __DisablePredictedCircuits designed for
|
||||
|
14
doc/tor.1.in
14
doc/tor.1.in
@ -837,11 +837,15 @@ admins at tor-ops@freehaven.net if you think you should be a directory.
|
||||
.LP
|
||||
.TP
|
||||
\fBV1AuthoritativeDirectory \fR\fB0\fR|\fB1\fR\fP
|
||||
When this option is set in addition to \fBAuthoritativeDirectory\fP, Tor also
|
||||
generates a version 1 directory (for Tor clients up to 0.1.0.x).
|
||||
(As of Tor 0.1.1.12 every (v2) authoritative directory still provides most of
|
||||
the v1 directory functionality, even without this option set to 1.
|
||||
This however is expected to change in the future.)
|
||||
When this option is set in addition to \fBAuthoritativeDirectory\fP, Tor
|
||||
generates version 1 directory and running-routers documents (for legacy
|
||||
Tor clients up to 0.1.0.x).
|
||||
.LP
|
||||
.TP
|
||||
\fBV2AuthoritativeDirectory \fR\fB0\fR|\fB1\fR\fP
|
||||
When this option is set in addition to \fBAuthoritativeDirectory\fP, Tor
|
||||
generates version 2 network statuses and serves descriptors, etc as
|
||||
described in doc/spec/dir-spec.txt.
|
||||
.LP
|
||||
.TP
|
||||
\fBVersioningAuthoritativeDirectory \fR\fB0\fR|\fB1\fR\fP
|
||||
|
@ -1097,7 +1097,7 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
|
||||
}
|
||||
|
||||
/** Return true iff <b>crypt_path</b> is one of the crypt_paths for
|
||||
* <b>circ</b> */
|
||||
* <b>circ</b>. */
|
||||
static int
|
||||
cpath_is_on_circuit(origin_circuit_t *circ, crypt_path_t *crypt_path)
|
||||
{
|
||||
|
@ -256,6 +256,7 @@ static config_var_t _option_vars[] = {
|
||||
VAR("UseEntryGuards", BOOL, UseEntryGuards, "1"),
|
||||
VAR("User", STRING, User, NULL),
|
||||
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
|
||||
VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir, "0"),
|
||||
VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
|
||||
VAR("VirtualAddrNetwork", STRING, VirtualAddrNetwork, "127.192.0.0/10"),
|
||||
VAR("__AllDirActionsPrivate",BOOL, AllDirActionsPrivate, "0"),
|
||||
|
@ -676,7 +676,7 @@ connection_or_check_valid_handshake(or_connection_t *conn, int started_here,
|
||||
END_OR_CONN_REASON_OR_IDENTITY);
|
||||
as_advertised = 0;
|
||||
}
|
||||
if (authdir_mode(options)) {
|
||||
if (authdir_mode_handles_descs(options)) {
|
||||
/* We initiated this connection to address:port. Drop all routers
|
||||
* with the same address:port and a different key.
|
||||
*/
|
||||
|
@ -886,6 +886,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
||||
int skewed=0;
|
||||
int allow_partial = conn->_base.purpose == DIR_PURPOSE_FETCH_SERVERDESC;
|
||||
int was_compressed=0;
|
||||
time_t now = time(NULL);
|
||||
|
||||
switch (fetch_from_buf_http(conn->_base.inbuf,
|
||||
&headers, MAX_HEADERS_SIZE,
|
||||
@ -957,7 +958,6 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
||||
if (status_code == 503) {
|
||||
local_routerstatus_t *rs;
|
||||
trusted_dir_server_t *ds;
|
||||
time_t now = time(NULL);
|
||||
log_info(LD_DIR,"Received http status code %d (%s) from server "
|
||||
"'%s:%d'. I'll try again soon.",
|
||||
status_code, escaped(reason), conn->_base.address,
|
||||
@ -1118,7 +1118,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
||||
if (next)
|
||||
next[1] = '\0';
|
||||
/* learn from it, and then remove it from 'which' */
|
||||
if (router_set_networkstatus(cp, time(NULL), source, which)<0)
|
||||
if (router_set_networkstatus(cp, now, source, which)<0)
|
||||
break;
|
||||
if (next) {
|
||||
next[1] = 'n';
|
||||
@ -1126,8 +1126,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
||||
} else
|
||||
break;
|
||||
}
|
||||
routers_update_all_from_networkstatus(); /*launches router downloads*/
|
||||
directory_info_has_arrived(time(NULL), 0);
|
||||
routers_update_all_from_networkstatus(now); /*launches router downloads*/
|
||||
directory_info_has_arrived(now, 0);
|
||||
if (which) {
|
||||
if (smartlist_len(which)) {
|
||||
dir_networkstatus_download_failed(which, status_code);
|
||||
@ -1180,7 +1180,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
||||
!strcmpstart(conn->requested_resource, "all"))) {
|
||||
/* as we learn from them, we remove them from 'which' */
|
||||
router_load_routers_from_string(body, SAVED_NOWHERE, which);
|
||||
directory_info_has_arrived(time(NULL), 0);
|
||||
directory_info_has_arrived(now, 0);
|
||||
}
|
||||
if (which) { /* mark remaining ones as failed */
|
||||
log_info(LD_DIR, "Received %d/%d routers requested from %s:%d",
|
||||
@ -1831,7 +1831,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
|
||||
|
||||
if (!strcmp(url,"/tor/dir-all-weaselhack") &&
|
||||
(conn->_base.addr == 0x7f000001ul) &&
|
||||
authdir_mode(options)) {
|
||||
authdir_mode_v2(options)) {
|
||||
/* until weasel rewrites his scripts at noreply */
|
||||
char *new_directory=NULL;
|
||||
|
||||
@ -1889,7 +1889,8 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
|
||||
}
|
||||
log_debug(LD_DIRSERV,"rewritten url as '%s'.", url);
|
||||
|
||||
if (!strcmp(url,"/tor/")) { /* server descriptor post */
|
||||
if (authdir_mode_handles_descs(options) &&
|
||||
!strcmp(url,"/tor/")) { /* server descriptor post */
|
||||
const char *msg;
|
||||
int r = dirserv_add_multiple_descriptors(body, &msg);
|
||||
tor_assert(msg);
|
||||
|
@ -232,16 +232,7 @@ dirserv_load_fingerprint_file(void)
|
||||
/* If you approved an OR called "client", then clients who use
|
||||
* the default nickname could all be rejected. That's no good. */
|
||||
log_notice(LD_CONFIG,
|
||||
"Authorizing a nickname '%s' would break "
|
||||
"many clients; skipping.",
|
||||
DEFAULT_CLIENT_NICKNAME);
|
||||
continue;
|
||||
}
|
||||
if (0==strcasecmp(nickname, DEFAULT_CLIENT_NICKNAME)) {
|
||||
/* If you approved an OR called "client", then clients who use
|
||||
* the default nickname could all be rejected. That's no good. */
|
||||
log_notice(LD_CONFIG,
|
||||
"Authorizing a nickname '%s' would break "
|
||||
"Authorizing nickname '%s' would break "
|
||||
"many clients; skipping.",
|
||||
DEFAULT_CLIENT_NICKNAME);
|
||||
continue;
|
||||
@ -250,7 +241,7 @@ dirserv_load_fingerprint_file(void)
|
||||
/* If you approved an OR called "unnamed", then clients will be
|
||||
* confused. */
|
||||
log_notice(LD_CONFIG,
|
||||
"Authorizing a nickname '%s' is not allowed; skipping.",
|
||||
"Authorizing nickname '%s' is not allowed; skipping.",
|
||||
UNNAMED_ROUTER_NICKNAME);
|
||||
continue;
|
||||
}
|
||||
@ -754,7 +745,7 @@ directory_set_dirty(void)
|
||||
|
||||
/**
|
||||
* Allocate and return a description of the status of the server <b>desc</b>,
|
||||
* for use in a router-status line. The server is listed
|
||||
* for use in a v1-style router-status line. The server is listed
|
||||
* as running iff <b>is_live</b> is true.
|
||||
*/
|
||||
static char *
|
||||
@ -814,7 +805,7 @@ dirserv_thinks_router_is_blatantly_unreachable(routerinfo_t *router,
|
||||
}
|
||||
|
||||
/** Based on the routerinfo_ts in <b>routers</b>, allocate the
|
||||
* contents of a router-status line, and store it in
|
||||
* contents of a v1-style router-status line, and store it in
|
||||
* *<b>router_status_out</b>. Return 0 on success, -1 on failure.
|
||||
*
|
||||
* If for_controller is true, include the routers with very old descriptors.
|
||||
@ -829,14 +820,17 @@ list_server_status(smartlist_t *routers, char **router_status_out,
|
||||
smartlist_t *rs_entries;
|
||||
time_t now = time(NULL);
|
||||
time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
|
||||
int authdir_mode = get_options()->AuthoritativeDir;
|
||||
or_options_t *options = get_options();
|
||||
/* We include v2 dir auths here too, because they need to answer
|
||||
* controllers. Eventually we'll deprecate this whole function. */
|
||||
int authdir = authdir_mode_handles_descs(options);
|
||||
tor_assert(router_status_out);
|
||||
|
||||
rs_entries = smartlist_create();
|
||||
|
||||
SMARTLIST_FOREACH(routers, routerinfo_t *, ri,
|
||||
{
|
||||
if (authdir_mode) {
|
||||
if (authdir) {
|
||||
/* Update router status in routerinfo_t. */
|
||||
ri->is_running = dirserv_thinks_router_is_reachable(ri, now);
|
||||
}
|
||||
@ -1004,12 +998,12 @@ dirserv_dump_directory_to_string(char **dir_out,
|
||||
return -1;
|
||||
}
|
||||
|
||||
/** Most recently generated encoded signed v1 directory. (auth dirservers
|
||||
* only.)*/
|
||||
/** Most recently generated encoded signed v1 directory. (v1 auth dirservers
|
||||
* only.) */
|
||||
static cached_dir_t *the_directory = NULL;
|
||||
|
||||
/* Used only by non-auth dirservers: The v1 directory and runningrouters we'll
|
||||
* serve when requested. */
|
||||
/* Used only by non-v1-auth dirservers: The v1 directory and
|
||||
* runningrouters we'll serve when requested. */
|
||||
static cached_dir_t *cached_directory = NULL;
|
||||
static cached_dir_t cached_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
|
||||
|
||||
@ -1098,8 +1092,8 @@ _free_cached_dir(void *_d)
|
||||
*
|
||||
* If <b>published</b> is too old, do nothing.
|
||||
*
|
||||
* If <b>is_running_routers</b>, this is really a running_routers document
|
||||
* rather than a v1 directory.
|
||||
* If <b>is_running_routers</b>, this is really a v1 running_routers
|
||||
* document rather than a v1 directory.
|
||||
*/
|
||||
void
|
||||
dirserv_set_cached_directory(const char *directory, time_t published,
|
||||
@ -1118,11 +1112,13 @@ dirserv_set_cached_directory(const char *directory, time_t published,
|
||||
}
|
||||
}
|
||||
|
||||
/** We've just received a v2 network-status for an authoritative directory
|
||||
* with identity digest <b>identity</b> published at
|
||||
* <b>published</b>. Store it so we can serve it to others. If
|
||||
* <b>directory</b> is NULL, remove the entry with the given fingerprint from
|
||||
* the cache.
|
||||
/** If <b>networkstatus</b> is non-NULL, we've just received a v2
|
||||
* network-status for an authoritative directory with identity digest
|
||||
* <b>identity</b> published at <b>published</b> -- store it so we can
|
||||
* serve it to others.
|
||||
*
|
||||
* If <b>networkstatus</b> is NULL, remove the entry with the given
|
||||
* identity fingerprint from the v2 cache.
|
||||
*/
|
||||
void
|
||||
dirserv_set_cached_networkstatus_v2(const char *networkstatus,
|
||||
@ -1181,7 +1177,7 @@ dirserv_set_cached_networkstatus_v2(const char *networkstatus,
|
||||
}
|
||||
}
|
||||
|
||||
/** Remove any networkstatus from the directory cache that was published
|
||||
/** Remove any v2 networkstatus from the directory cache that was published
|
||||
* before <b>cutoff</b>. */
|
||||
void
|
||||
dirserv_clear_old_networkstatuses(time_t cutoff)
|
||||
@ -1230,8 +1226,8 @@ dirserv_clear_old_v1_info(time_t now)
|
||||
}
|
||||
}
|
||||
|
||||
/** Helper: If we're an authority for the right directory version (the
|
||||
* directory version is determined by <b>is_v1_object</b>), try to regenerate
|
||||
/** Helper: If we're an authority for the right directory version (v1 if
|
||||
* <b>is_v1_object</b> if non-0, else v2), try to regenerate
|
||||
* auth_src as appropriate and return it, falling back to cache_src on
|
||||
* failure. If we're a cache, return cache_src.
|
||||
*/
|
||||
@ -1242,8 +1238,9 @@ dirserv_pick_cached_dir_obj(cached_dir_t *cache_src,
|
||||
const char *name,
|
||||
int is_v1_object)
|
||||
{
|
||||
int authority = get_options()->AuthoritativeDir &&
|
||||
(!is_v1_object || get_options()->V1AuthoritativeDir);
|
||||
or_options_t *options = get_options();
|
||||
int authority = (authdir_mode_v1(options) && is_v1_object) ||
|
||||
(authdir_mode_v2(options) && !is_v1_object);
|
||||
|
||||
if (!authority) {
|
||||
return cache_src;
|
||||
@ -1298,9 +1295,9 @@ dirserv_get_obj(const char **out,
|
||||
}
|
||||
}
|
||||
|
||||
/** Return the most recently generated encoded signed directory, generating a
|
||||
* new one as necessary. If not an authoritative directory may return NULL if
|
||||
* no directory is yet cached. */
|
||||
/** Return the most recently generated encoded signed v1 directory,
|
||||
* generating a new one as necessary. If not a v1 authoritative directory
|
||||
* may return NULL if no directory is yet cached. */
|
||||
cached_dir_t *
|
||||
dirserv_get_directory(void)
|
||||
{
|
||||
@ -1310,9 +1307,9 @@ dirserv_get_directory(void)
|
||||
"server directory", 1);
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a fresh v1 directory (authdirservers only); set the_directory
|
||||
* and return a pointer to the new value.
|
||||
/** Only called by v1 auth dirservers.
|
||||
* Generate a fresh v1 directory; set the_directory and return a pointer
|
||||
* to the new value.
|
||||
*/
|
||||
static cached_dir_t *
|
||||
dirserv_regenerate_directory(void)
|
||||
@ -1344,7 +1341,8 @@ dirserv_regenerate_directory(void)
|
||||
/** For authoritative directories: the current (v1) network status. */
|
||||
static cached_dir_t the_runningrouters = { NULL, NULL, 0, 0, 0, -1 };
|
||||
|
||||
/** Replace the current running-routers list with a newly generated one. */
|
||||
/** Only called by v1 auth dirservers.
|
||||
* Replace the current running-routers list with a newly generated one. */
|
||||
static cached_dir_t *
|
||||
generate_runningrouters(void)
|
||||
{
|
||||
@ -1415,11 +1413,11 @@ dirserv_get_runningrouters(const char **rr, int compress)
|
||||
static cached_dir_t *the_v2_networkstatus = NULL;
|
||||
|
||||
/** Return true iff our opinion of the routers has been stale for long
|
||||
* enough that we should generate a new network status doc. */
|
||||
* enough that we should generate a new v2 network status doc. */
|
||||
static int
|
||||
should_generate_v2_networkstatus(void)
|
||||
{
|
||||
return get_options()->AuthoritativeDir &&
|
||||
return authdir_mode_v2(get_options()) &&
|
||||
the_v2_networkstatus_is_dirty &&
|
||||
the_v2_networkstatus_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL);
|
||||
}
|
||||
@ -1569,7 +1567,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
|
||||
smartlist_free(bandwidths_excluding_exits);
|
||||
}
|
||||
|
||||
/** For authoritative directories only: replace the contents of
|
||||
/** For v2 authoritative directories only: replace the contents of
|
||||
* <b>the_v2_networkstatus</b> with a newly generated network status
|
||||
* object. */
|
||||
static cached_dir_t *
|
||||
@ -1744,6 +1742,8 @@ generate_v2_networkstatus(void)
|
||||
f_running?" Running":"",
|
||||
f_valid?" Valid":"",
|
||||
f_v2_dir?" V2Dir":"")<0) {
|
||||
/* when adding more flags, remember to change
|
||||
* the #defines at the top of this function. */
|
||||
log_warn(LD_BUG, "Unable to print router status.");
|
||||
goto done;
|
||||
}
|
||||
@ -1819,7 +1819,7 @@ dirserv_get_networkstatus_v2_fingerprints(smartlist_t *result,
|
||||
generate_v2_networkstatus();
|
||||
|
||||
if (!strcmp(key,"authority")) {
|
||||
if (get_options()->AuthoritativeDir) {
|
||||
if (authdir_mode_v2(get_options())) {
|
||||
routerinfo_t *me = router_get_my_routerinfo();
|
||||
if (me)
|
||||
smartlist_add(result,
|
||||
@ -1839,7 +1839,8 @@ dirserv_get_networkstatus_v2_fingerprints(smartlist_t *result,
|
||||
} else {
|
||||
SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
|
||||
trusted_dir_server_t *, ds,
|
||||
smartlist_add(result, tor_memdup(ds->digest, DIGEST_LEN)));
|
||||
if (ds->is_v2_authority)
|
||||
smartlist_add(result, tor_memdup(ds->digest, DIGEST_LEN)));
|
||||
}
|
||||
smartlist_sort_digests(result);
|
||||
if (smartlist_len(result) == 0)
|
||||
|
@ -1716,6 +1716,8 @@ typedef struct {
|
||||
int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
|
||||
int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory
|
||||
* for version 1 directories? */
|
||||
int V2AuthoritativeDir; /**< Boolean: is this an authoritative directory
|
||||
* for version 2 directories? */
|
||||
int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
|
||||
* handle hidden service requests? */
|
||||
int HSAuthorityRecordStats; /**< Boolean: does this HS authoritative
|
||||
@ -2938,6 +2940,9 @@ void router_dirport_found_reachable(void);
|
||||
void router_perform_bandwidth_test(int num_circs, time_t now);
|
||||
|
||||
int authdir_mode(or_options_t *options);
|
||||
int authdir_mode_v1(or_options_t *options);
|
||||
int authdir_mode_v2(or_options_t *options);
|
||||
int authdir_mode_handles_descs(or_options_t *options);
|
||||
int clique_mode(or_options_t *options);
|
||||
int server_mode(or_options_t *options);
|
||||
int advertised_server_mode(void);
|
||||
@ -3107,7 +3112,7 @@ local_routerstatus_t *router_get_combined_status_by_digest(const char *digest);
|
||||
routerstatus_t *routerstatus_get_by_hexdigest(const char *hexdigest);
|
||||
void update_networkstatus_downloads(time_t now);
|
||||
void update_router_descriptor_downloads(time_t now);
|
||||
void routers_update_all_from_networkstatus(void);
|
||||
void routers_update_all_from_networkstatus(time_t now);
|
||||
void routers_update_status_from_networkstatus(smartlist_t *routers,
|
||||
int reset_failures);
|
||||
smartlist_t *router_list_superseded(void);
|
||||
|
@ -377,7 +377,7 @@ init_keys(void)
|
||||
(uint16_t)options->ORPort,
|
||||
digest,
|
||||
options->V1AuthoritativeDir, /* v1 authority */
|
||||
1, /* v2 authority */
|
||||
options->V2AuthoritativeDir, /* v2 authority */
|
||||
options->HSAuthoritativeDir /*hidserv authority*/);
|
||||
}
|
||||
return 0; /* success */
|
||||
@ -594,12 +594,37 @@ authdir_mode(or_options_t *options)
|
||||
{
|
||||
return options->AuthoritativeDir != 0;
|
||||
}
|
||||
/** Return true iff we believe ourselves to be a v1 authoritative
|
||||
* directory server.
|
||||
*/
|
||||
int
|
||||
authdir_mode_v1(or_options_t *options)
|
||||
{
|
||||
return authdir_mode(options) && options->V1AuthoritativeDir != 0;
|
||||
}
|
||||
/** Return true iff we believe ourselves to be a v2 authoritative
|
||||
* directory server.
|
||||
*/
|
||||
int
|
||||
authdir_mode_v2(or_options_t *options)
|
||||
{
|
||||
return authdir_mode(options) && options->V2AuthoritativeDir != 0;
|
||||
}
|
||||
/** Return true iff we are an authoritative directory server that
|
||||
* handles descriptors -- including receiving posts, creating directories,
|
||||
* and testing reachability.
|
||||
*/
|
||||
int
|
||||
authdir_mode_handles_descs(or_options_t *options)
|
||||
{
|
||||
return authdir_mode_v1(options) || authdir_mode_v2(options);
|
||||
}
|
||||
/** Return true iff we try to stay connected to all ORs at once.
|
||||
*/
|
||||
int
|
||||
clique_mode(or_options_t *options)
|
||||
{
|
||||
return authdir_mode(options);
|
||||
return authdir_mode_handles_descs(options);
|
||||
}
|
||||
|
||||
/** Return true iff we are trying to be a server.
|
||||
@ -647,7 +672,7 @@ proxy_mode(or_options_t *options)
|
||||
* - We have ORPort set
|
||||
* and
|
||||
* - We believe we are reachable from the outside; or
|
||||
* - We have the AuthoritativeDirectory option set.
|
||||
* - We are an authoritative directory server.
|
||||
*/
|
||||
static int
|
||||
decide_if_publishable_server(void)
|
||||
@ -660,7 +685,7 @@ decide_if_publishable_server(void)
|
||||
return 0;
|
||||
if (!server_mode(options))
|
||||
return 0;
|
||||
if (options->AuthoritativeDir)
|
||||
if (authdir_mode(options))
|
||||
return 1;
|
||||
|
||||
return check_whether_orport_reachable();
|
||||
@ -695,8 +720,8 @@ consider_publishable_server(int force)
|
||||
* Clique maintenance -- to be phased out.
|
||||
*/
|
||||
|
||||
/** Return true iff this OR should try to keep connections open to all
|
||||
* other ORs. */
|
||||
/** Return true iff we believe this OR tries to keep connections open
|
||||
* to all other ORs. */
|
||||
int
|
||||
router_is_clique_mode(routerinfo_t *router)
|
||||
{
|
||||
@ -1128,7 +1153,7 @@ check_descriptor_ipaddress_changed(time_t now)
|
||||
* headers. */
|
||||
static uint32_t last_guessed_ip = 0;
|
||||
|
||||
/** A directory authority told us our IP address is <b>suggestion</b>.
|
||||
/** A directory server told us our IP address is <b>suggestion</b>.
|
||||
* If this address is different from the one we think we are now, and
|
||||
* if our computer doesn't actually know its IP address, then switch. */
|
||||
void
|
||||
|
@ -153,7 +153,7 @@ router_reload_networkstatus(void)
|
||||
SMARTLIST_FOREACH(entries, char *, fn, tor_free(fn));
|
||||
smartlist_free(entries);
|
||||
networkstatus_list_clean(time(NULL));
|
||||
routers_update_all_from_networkstatus();
|
||||
routers_update_all_from_networkstatus(time(NULL));
|
||||
routerlist_check_bug_417();
|
||||
return 0;
|
||||
}
|
||||
@ -565,8 +565,7 @@ router_get_trusteddirserver_by_digest(const char *digest)
|
||||
/** Try to find a running trusted dirserver. If there are no running
|
||||
* trusted dirservers and <b>retry_if_no_servers</b> is non-zero,
|
||||
* set them all as running again, and try again.
|
||||
* If <b>need_v1_authority</b> is set, return only trusted servers
|
||||
* that are authorities for the V1 directory protocol.
|
||||
* <b>type> specifies the type of authoritative dir we require.
|
||||
* Other args are as in router_pick_trusteddirserver_impl().
|
||||
*/
|
||||
routerstatus_t *
|
||||
@ -594,7 +593,8 @@ router_pick_trusteddirserver(authority_type_t type,
|
||||
#define DIR_503_TIMEOUT (60*60)
|
||||
|
||||
/** Pick a random running valid directory server/mirror from our
|
||||
* routerlist. Don't pick an authority if any non-authorities are viable.
|
||||
* routerlist.
|
||||
*
|
||||
* If <b>fascistfirewall</b>, make sure the router we pick is allowed
|
||||
* by our firewall options.
|
||||
* If <b>requireother</b>, it cannot be us. If <b>for_v2_directory</b>,
|
||||
@ -602,8 +602,9 @@ router_pick_trusteddirserver(authority_type_t type,
|
||||
* functionality.
|
||||
* If <b>prefer_tunnel</b>, choose a directory server that is reachable
|
||||
* and supports BEGIN_DIR cells, if possible.
|
||||
* Try to avoid using servers that are overloaded (have returned 503
|
||||
* recently).
|
||||
*
|
||||
* Don't pick an authority if any non-authorities are viable. Try to
|
||||
* avoid using servers that are overloaded (have returned 503 recently).
|
||||
*/
|
||||
static routerstatus_t *
|
||||
router_pick_directory_server_impl(int requireother, int fascistfirewall,
|
||||
@ -681,9 +682,8 @@ router_pick_directory_server_impl(int requireother, int fascistfirewall,
|
||||
|
||||
/** Choose randomly from among the trusted dirservers that are up. If
|
||||
* <b>fascistfirewall</b>, make sure the port we pick is allowed by our
|
||||
* firewall options. If <b>requireother</b>, it cannot be us. If
|
||||
* <b>need_v1_authority</b>, choose a trusted authority for the v1 directory
|
||||
* system.
|
||||
* firewall options. If <b>requireother</b>, it cannot be us.
|
||||
* <b>type> specifies the type of authoritative dir we require.
|
||||
*/
|
||||
static routerstatus_t *
|
||||
router_pick_trusteddirserver_impl(authority_type_t type,
|
||||
@ -1433,8 +1433,7 @@ router_digest_is_trusted_dir(const char *digest)
|
||||
{
|
||||
if (!trusted_dir_servers)
|
||||
return 0;
|
||||
if (get_options()->AuthoritativeDir &&
|
||||
router_digest_is_me(digest))
|
||||
if (authdir_mode(get_options()) && router_digest_is_me(digest))
|
||||
return 1;
|
||||
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ent,
|
||||
if (!memcmp(digest, ent->digest, DIGEST_LEN)) return 1);
|
||||
@ -2103,7 +2102,7 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
||||
int from_cache, int from_fetch)
|
||||
{
|
||||
const char *id_digest;
|
||||
int authdir = get_options()->AuthoritativeDir;
|
||||
int authdir = authdir_mode(get_options());
|
||||
int authdir_believes_valid = 0;
|
||||
routerinfo_t *old_router;
|
||||
|
||||
@ -2778,7 +2777,7 @@ router_set_networkstatus(const char *s, time_t arrived_at,
|
||||
* authority we didn't recognize. */
|
||||
log_info(LD_DIR,
|
||||
"We do not recognize authority (%s) but we are willing "
|
||||
"to cache it", fp);
|
||||
"to cache it.", fp);
|
||||
add_networkstatus_to_cache(s, source, ns);
|
||||
networkstatus_free(ns);
|
||||
}
|
||||
@ -3043,14 +3042,15 @@ signed_desc_digest_is_recognized(signed_descriptor_t *desc)
|
||||
#define NONAUTHORITY_NS_CACHE_INTERVAL (15*60)
|
||||
|
||||
/** We are a directory server, and so cache network_status documents.
|
||||
* Initiate downloads as needed to update them. For authorities, this means
|
||||
* asking each trusted directory for its network-status. For caches, this
|
||||
* means asking a random authority for all network-statuses.
|
||||
* Initiate downloads as needed to update them. For v2 authorities,
|
||||
* this means asking each trusted directory for its network-status.
|
||||
* For caches, this means asking a random v2 authority for all
|
||||
* network-statuses.
|
||||
*/
|
||||
static void
|
||||
update_networkstatus_cache_downloads(time_t now)
|
||||
{
|
||||
int authority = authdir_mode(get_options());
|
||||
int authority = authdir_mode_v2(get_options());
|
||||
int interval =
|
||||
authority ? AUTHORITY_NS_CACHE_INTERVAL : NONAUTHORITY_NS_CACHE_INTERVAL;
|
||||
|
||||
@ -3491,17 +3491,15 @@ compute_recommended_versions(time_t now, int client,
|
||||
* list.
|
||||
*/
|
||||
void
|
||||
routers_update_all_from_networkstatus(void)
|
||||
routers_update_all_from_networkstatus(time_t now)
|
||||
{
|
||||
routerinfo_t *me;
|
||||
time_t now;
|
||||
if (!routerlist || !networkstatus_list ||
|
||||
(!networkstatus_list_has_changed && !routerstatus_list_has_changed))
|
||||
return;
|
||||
|
||||
router_dir_info_changed();
|
||||
|
||||
now = time(NULL);
|
||||
if (networkstatus_list_has_changed)
|
||||
routerstatus_list_update_from_networkstatus(now);
|
||||
|
||||
@ -3756,7 +3754,7 @@ routerstatus_list_update_from_networkstatus(time_t now)
|
||||
other_digest != conflict) {
|
||||
if (!warned) {
|
||||
char *d;
|
||||
int should_warn = options->DirPort && options->AuthoritativeDir;
|
||||
int should_warn = options->DirPort && authdir_mode(options);
|
||||
char fp1[HEX_DIGEST_LEN+1];
|
||||
char fp2[HEX_DIGEST_LEN+1];
|
||||
base16_encode(fp1, sizeof(fp1), other_digest, DIGEST_LEN);
|
||||
@ -3982,9 +3980,8 @@ routers_update_status_from_networkstatus(smartlist_t *routers,
|
||||
trusted_dir_server_t *ds;
|
||||
local_routerstatus_t *rs;
|
||||
or_options_t *options = get_options();
|
||||
int authdir = options->AuthoritativeDir;
|
||||
int namingdir = options->AuthoritativeDir &&
|
||||
options->NamingAuthoritativeDir;
|
||||
int authdir = authdir_mode_v2(options);
|
||||
int namingdir = authdir && options->NamingAuthoritativeDir;
|
||||
|
||||
if (!routerstatus_list)
|
||||
return;
|
||||
@ -4299,7 +4296,6 @@ update_router_descriptor_cache_downloads(time_t now)
|
||||
int i, j, n;
|
||||
int n_download;
|
||||
or_options_t *options = get_options();
|
||||
(void) now;
|
||||
|
||||
if (!options->DirPort) {
|
||||
log_warn(LD_BUG, "Called update_router_descriptor_cache_downloads() "
|
||||
@ -4357,7 +4353,7 @@ update_router_descriptor_cache_downloads(time_t now)
|
||||
rs->need_to_mirror = 0;
|
||||
continue;
|
||||
}
|
||||
if (options->AuthoritativeDir && dirserv_would_reject_router(rs)) {
|
||||
if (authdir_mode(options) && dirserv_would_reject_router(rs)) {
|
||||
rs->need_to_mirror = 0;
|
||||
continue;
|
||||
}
|
||||
|
@ -491,7 +491,7 @@ router_parse_directory(const char *str)
|
||||
|
||||
/* Now that we know the signature is okay, and we have a
|
||||
* publication time, cache the directory. */
|
||||
if (get_options()->DirPort && !get_options()->V1AuthoritativeDir)
|
||||
if (get_options()->DirPort && !authdir_mode_v1(get_options()))
|
||||
dirserv_set_cached_directory(str, published_on, 0);
|
||||
|
||||
r = 0;
|
||||
@ -551,7 +551,7 @@ router_parse_runningrouters(const char *str)
|
||||
|
||||
/* Now that we know the signature is okay, and we have a
|
||||
* publication time, cache the list. */
|
||||
if (get_options()->DirPort && !get_options()->V1AuthoritativeDir)
|
||||
if (get_options()->DirPort && !authdir_mode_v1(get_options()))
|
||||
dirserv_set_cached_directory(str, published_on, 1);
|
||||
|
||||
r = 0;
|
||||
|
Loading…
Reference in New Issue
Block a user