Merge remote-tracking branch 'public/bug10849_025'

Conflicts:
	src/or/config.c
Nick Mathewson 2014-05-01 11:51:22 -04:00
commit 1bbd3811c1
7 changed files with 13 additions and 52 deletions

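--- a/changes/bug10849_025
+++ b/changes/bug10849_025
@@ -0,0 +1,6 @@
+o Removed code:
+- The TunnelDirConns and PreferTunnelledDirConns options no longer
+exist; tunneled directory connections have been available since
+0.1.2.5-alpha, and turning them off is not a good idea. This is a
+brute-force fix for 10849, where "TunnelDirConns 0" would break
+hidden services.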


@ -593,15 +593,6 @@ GENERAL OPTIONS
This is useful when running on flash memory or other media that support This is useful when running on flash memory or other media that support
only a limited number of writes. (Default: 0) only a limited number of writes. (Default: 0)
[[TunnelDirConns]] **TunnelDirConns** **0**|**1**::
If non-zero, when a directory server we contact supports it, we will build
a one-hop circuit and make an encrypted connection via its ORPort.
(Default: 1)
[[PreferTunneledDirConns]] **PreferTunneledDirConns** **0**|**1**::
If non-zero, we will avoid directory servers that don't support tunneled
directory connections, when possible. (Default: 1)
[[CircuitPriorityHalflife]] **CircuitPriorityHalflife** __NUM1__:: [[CircuitPriorityHalflife]] **CircuitPriorityHalflife** __NUM1__::
If this value is set, we override the default algorithm for choosing which If this value is set, we override the default algorithm for choosing which
circuit's cell to deliver or relay next. When the value is 0, we circuit's cell to deliver or relay next. When the value is 0, we


@ -357,7 +357,7 @@ static config_var_t option_vars_[] = {
V(OptimisticData, AUTOBOOL, "auto"), V(OptimisticData, AUTOBOOL, "auto"),
V(PortForwarding, BOOL, "0"), V(PortForwarding, BOOL, "0"),
V(PortForwardingHelper, FILENAME, "tor-fw-helper"), V(PortForwardingHelper, FILENAME, "tor-fw-helper"),
V(PreferTunneledDirConns, BOOL, "1"), OBSOLETE("PreferTunneledDirConns"),
V(ProtocolWarnings, BOOL, "0"), V(ProtocolWarnings, BOOL, "0"),
V(PublishServerDescriptor, CSV, "1"), V(PublishServerDescriptor, CSV, "1"),
V(PublishHidServDescriptors, BOOL, "1"), V(PublishHidServDescriptors, BOOL, "1"),
@ -412,7 +412,7 @@ static config_var_t option_vars_[] = {
V(TransListenAddress, LINELIST, NULL), V(TransListenAddress, LINELIST, NULL),
VPORT(TransPort, LINELIST, NULL), VPORT(TransPort, LINELIST, NULL),
V(TransProxyType, STRING, "default"), V(TransProxyType, STRING, "default"),
V(TunnelDirConns, BOOL, "1"), OBSOLETE("TunnelDirConns"),
V(UpdateBridgesFromAuthority, BOOL, "0"), V(UpdateBridgesFromAuthority, BOOL, "0"),
V(UseBridges, BOOL, "0"), V(UseBridges, BOOL, "0"),
V(UseEntryGuards, BOOL, "1"), V(UseEntryGuards, BOOL, "1"),
@ -3275,12 +3275,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
if (options->UseBridges && !options->Bridges) if (options->UseBridges && !options->Bridges)
REJECT("If you set UseBridges, you must specify at least one bridge."); REJECT("If you set UseBridges, you must specify at least one bridge.");
if (options->UseBridges && !options->TunnelDirConns)
REJECT("If you set UseBridges, you must set TunnelDirConns.");
if (options->RendConfigLines &&
(!options->TunnelDirConns || !options->PreferTunneledDirConns))
REJECT("If you are running a hidden service, you must set TunnelDirConns "
"and PreferTunneledDirConns");
for (cl = options->Bridges; cl; cl = cl->next) { for (cl = options->Bridges; cl; cl = cl->next) {
bridge_line_t *bridge_line = parse_bridge_line(cl->value); bridge_line_t *bridge_line = parse_bridge_line(cl->value);
@ -3393,15 +3387,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
AF_INET6, 1, msg)<0) AF_INET6, 1, msg)<0)
return -1; return -1;
if (options->PreferTunneledDirConns && !options->TunnelDirConns)
REJECT("Must set TunnelDirConns if PreferTunneledDirConns is set.");
if ((options->Socks4Proxy || options->Socks5Proxy) &&
!options->HTTPProxy && !options->PreferTunneledDirConns)
REJECT("When Socks4Proxy or Socks5Proxy is configured, "
"PreferTunneledDirConns and TunnelDirConns must both be "
"set to 1, or HTTPProxy must be configured.");
if (options->AutomapHostsSuffixes) { if (options->AutomapHostsSuffixes) {
SMARTLIST_FOREACH(options->AutomapHostsSuffixes, char *, suf, SMARTLIST_FOREACH(options->AutomapHostsSuffixes, char *, suf,
{ {
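Review bot: With both options turned into `OBSOLETE(...)` entries and the `REJECT` checks removed from options_validate, a torrc that still carries `TunnelDirConns 0` is now accepted where a bridge or hidden-service configuration used to be refused. How an obsolete option is reported is not visible in these hunks; if it is only a log line, operators who set the option deliberately will get tunneled directory connections without a startup failure. A comment beside the two table entries would record the reason, e.g. `/* obsolete since bug 10849: directory connections are always tunneled */`. options_validate continues outside the hunks shown.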


@ -338,8 +338,6 @@ should_use_directory_guards(const or_options_t *options)
if (options->DownloadExtraInfo || options->FetchDirInfoEarly || if (options->DownloadExtraInfo || options->FetchDirInfoEarly ||
options->FetchDirInfoExtraEarly || options->FetchUselessDescriptors) options->FetchDirInfoExtraEarly || options->FetchUselessDescriptors)
return 0; return 0;
if (! options->PreferTunneledDirConns)
return 0;
return 1; return 1;
} }
@ -834,6 +832,7 @@ directory_command_should_use_begindir(const or_options_t *options,
int or_port, uint8_t router_purpose, int or_port, uint8_t router_purpose,
dir_indirection_t indirection) dir_indirection_t indirection)
{ {
(void) router_purpose;
if (!or_port) if (!or_port)
return 0; /* We don't know an ORPort -- no chance. */ return 0; /* We don't know an ORPort -- no chance. */
if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT) if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT)
@ -842,9 +841,6 @@ directory_command_should_use_begindir(const or_options_t *options,
if (!fascist_firewall_allows_address_or(addr, or_port) || if (!fascist_firewall_allows_address_or(addr, or_port) ||
directory_fetches_from_authorities(options)) directory_fetches_from_authorities(options))
return 0; /* We're firewalled or are acting like a relay -- also no. */ return 0; /* We're firewalled or are acting like a relay -- also no. */
if (!options->TunnelDirConns &&
router_purpose != ROUTER_PURPOSE_BRIDGE)
return 0; /* We prefer to avoid using begindir conns. Fine. */
return 1; return 1;
} }
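Review bot: `(void) router_purpose;` in directory_command_should_use_begindir only silences the unused-parameter warning; once the `ROUTER_PURPOSE_BRIDGE` exception further down the same function is removed, nothing reads the argument. Either drop the parameter from the signature and its callers, or say why it stays, e.g. `(void) router_purpose; /* unused since TunnelDirConns was removed; kept for existing callers */`. The function's doc comment lies outside the hunk and may still describe the bridge special case, so it should be checked against the new body.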


@ -378,7 +378,7 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
} else { } else {
const routerstatus_t *rs; const routerstatus_t *rs;
rs = router_pick_directory_server(MICRODESC_DIRINFO|V3_DIRINFO, rs = router_pick_directory_server(MICRODESC_DIRINFO|V3_DIRINFO,
PDS_PREFER_TUNNELED_DIR_CONNS_|PDS_FOR_GUARD); PDS_FOR_GUARD);
if (!rs) if (!rs)
return NULL; return NULL;
node = node_get_by_id(rs->identity_digest); node = node_get_by_id(rs->identity_digest);


@ -3886,10 +3886,6 @@ typedef struct {
* testing our DNS server. */ * testing our DNS server. */
int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the
* same network zone in the same circuit. */ * same network zone in the same circuit. */
int TunnelDirConns; /**< If true, use BEGIN_DIR rather than BEGIN when
* possible. */
int PreferTunneledDirConns; /**< If true, avoid dirservers that don't
* support BEGIN_DIR, when possible. */
int PortForwarding; /**< If true, use NAT-PMP or UPnP to automatically int PortForwarding; /**< If true, use NAT-PMP or UPnP to automatically
* forward the DirPort and ORPort on the NAT device */ * forward the DirPort and ORPort on the NAT device */
char *PortForwardingHelper; /** < Filename or full path of the port char *PortForwardingHelper; /** < Filename or full path of the port
@ -4974,8 +4970,6 @@ typedef struct dir_server_t {
* node that's currently a guard. */ * node that's currently a guard. */
#define PDS_FOR_GUARD (1<<5) #define PDS_FOR_GUARD (1<<5)
#define PDS_PREFER_TUNNELED_DIR_CONNS_ (1<<16)
/** Possible ways to weight routers when choosing one randomly. See /** Possible ways to weight routers when choosing one randomly. See
* routerlist_sl_choose_by_bandwidth() for more information.*/ * routerlist_sl_choose_by_bandwidth() for more information.*/
typedef enum bandwidth_weight_rule_t { typedef enum bandwidth_weight_rule_t {


@ -1282,8 +1282,6 @@ const routerstatus_t *
router_pick_directory_server(dirinfo_type_t type, int flags) router_pick_directory_server(dirinfo_type_t type, int flags)
{ {
const routerstatus_t *choice; const routerstatus_t *choice;
if (get_options()->PreferTunneledDirConns)
flags |= PDS_PREFER_TUNNELED_DIR_CONNS_;
if (!routerlist) if (!routerlist)
return NULL; return NULL;
@ -1385,8 +1383,6 @@ router_pick_dirserver_generic(smartlist_t *sourcelist,
{ {
const routerstatus_t *choice; const routerstatus_t *choice;
int busy = 0; int busy = 0;
if (get_options()->PreferTunneledDirConns)
flags |= PDS_PREFER_TUNNELED_DIR_CONNS_;
choice = router_pick_trusteddirserver_impl(sourcelist, type, flags, &busy); choice = router_pick_trusteddirserver_impl(sourcelist, type, flags, &busy);
if (choice || !(flags & PDS_RETRY_IF_NO_SERVERS)) if (choice || !(flags & PDS_RETRY_IF_NO_SERVERS))
@ -1411,10 +1407,7 @@ router_pick_dirserver_generic(smartlist_t *sourcelist,
/** Pick a random running valid directory server/mirror from our /** Pick a random running valid directory server/mirror from our
* routerlist. Arguments are as for router_pick_directory_server(), except * routerlist. Arguments are as for router_pick_directory_server(), except
* that RETRY_IF_NO_SERVERS is ignored, and: * that RETRY_IF_NO_SERVERS is ignored.
*
* If the PDS_PREFER_TUNNELED_DIR_CONNS_ flag is set, prefer directory servers
* that we can use with BEGINDIR.
*/ */
static const routerstatus_t * static const routerstatus_t *
router_pick_directory_server_impl(dirinfo_type_t type, int flags) router_pick_directory_server_impl(dirinfo_type_t type, int flags)
@ -1428,7 +1421,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags)
const networkstatus_t *consensus = networkstatus_get_latest_consensus(); const networkstatus_t *consensus = networkstatus_get_latest_consensus();
int requireother = ! (flags & PDS_ALLOW_SELF); int requireother = ! (flags & PDS_ALLOW_SELF);
int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL); int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL);
int prefer_tunnel = (flags & PDS_PREFER_TUNNELED_DIR_CONNS_);
int for_guard = (flags & PDS_FOR_GUARD); int for_guard = (flags & PDS_FOR_GUARD);
int try_excluding = 1, n_excluded = 0; int try_excluding = 1, n_excluded = 0;
@ -1481,8 +1473,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags)
is_overloaded = status->last_dir_503_at + DIR_503_TIMEOUT > now; is_overloaded = status->last_dir_503_at + DIR_503_TIMEOUT > now;
if (prefer_tunnel && if ((!fascistfirewall ||
(!fascistfirewall ||
fascist_firewall_allows_address_or(&addr, status->or_port))) fascist_firewall_allows_address_or(&addr, status->or_port)))
smartlist_add(is_trusted ? trusted_tunnel : smartlist_add(is_trusted ? trusted_tunnel :
is_overloaded ? overloaded_tunnel : tunnel, (void*)node); is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
@ -1569,7 +1560,6 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
time_t now = time(NULL); time_t now = time(NULL);
const int requireother = ! (flags & PDS_ALLOW_SELF); const int requireother = ! (flags & PDS_ALLOW_SELF);
const int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL); const int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL);
const int prefer_tunnel = (flags & PDS_PREFER_TUNNELED_DIR_CONNS_);
const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH); const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH);
const int no_microdesc_fetching =(flags & PDS_NO_EXISTING_MICRODESC_FETCH); const int no_microdesc_fetching =(flags & PDS_NO_EXISTING_MICRODESC_FETCH);
const double auth_weight = (sourcelist == fallback_dir_servers) ? const double auth_weight = (sourcelist == fallback_dir_servers) ?
@ -1630,8 +1620,7 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
} }
} }
if (prefer_tunnel && if (d->or_port &&
d->or_port &&
(!fascistfirewall || (!fascistfirewall ||
fascist_firewall_allows_address_or(&addr, d->or_port))) fascist_firewall_allows_address_or(&addr, d->or_port)))
smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
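Review bot: In the router_pick_directory_server_impl hunk the condition keeps a redundant outer pair of parentheses after `prefer_tunnel &&` was dropped; `if ((!fascistfirewall ||` should read `if (!fascistfirewall ||`, with the closing `)))` reduced to `))`. That branch also does not test `status->or_port`, while the matching change in router_pick_trusteddirserver_impl keeps `d->or_port &&`. Now that the tunnel lists are filled regardless of configuration, the two pickers would be easier to audit if they applied the same guard, or if a comment said why the routerstatus case needs none. Both functions continue outside the hunks shown, so the branch that follows the tunnel case is not visible here.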