mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
r16326@catbus: nickm | 2007-11-01 00:56:45 -0400
As an authority, send back an X-Descriptor-Not-New header when we accept but do not store a descriptor. Partial implementation of fix for bug 535. svn:r12310
This commit is contained in:
parent
90ce047aae
commit
37c44b81df
@ -41,6 +41,9 @@ Changes in version 0.2.0.10-alpha - 2007-1?-??
|
|||||||
claims about the authority's IP address.
|
claims about the authority's IP address.
|
||||||
- New --quiet command-line option to suppress the default console log.
|
- New --quiet command-line option to suppress the default console log.
|
||||||
Good in combination with --hash-password.
|
Good in combination with --hash-password.
|
||||||
|
- Authorities send back an X-Descriptor-Not-New header in response to
|
||||||
|
an accepted-but-discarded descriptor upload. Partially implements
|
||||||
|
fix for bug 535.
|
||||||
|
|
||||||
o Minor features (controller):
|
o Minor features (controller):
|
||||||
- When reporting clock skew, and we only have a lower bound on the amount
|
- When reporting clock skew, and we only have a lower bound on the amount
|
||||||
|
5
doc/TODO
5
doc/TODO
@ -57,7 +57,8 @@ Things we'd like to do in 0.2.0.x:
|
|||||||
and send netinfo and be "open".
|
and send netinfo and be "open".
|
||||||
o On netinfo, warn if there's skew from a server.
|
o On netinfo, warn if there's skew from a server.
|
||||||
- Learn our outgoing IP address from netinfo cells?
|
- Learn our outgoing IP address from netinfo cells?
|
||||||
- Earliest stages of 110 (infinite-length) in v2 protocol.
|
- Earliest stages of 110 (infinite-length) in v2 protocol:
|
||||||
|
add support for RELAY_EARLY.
|
||||||
- TLS only
|
- TLS only
|
||||||
- Need to get a finished TLS normalization proposal
|
- Need to get a finished TLS normalization proposal
|
||||||
- Revised authentication.
|
- Revised authentication.
|
||||||
@ -207,7 +208,7 @@ R - drop 'authority' queries if they're to our own identity key; accept
|
|||||||
- Limit to 2 dir, 2 OR, N SOCKS connections per IP.
|
- Limit to 2 dir, 2 OR, N SOCKS connections per IP.
|
||||||
- Or maybe close connections from same IP when we get a lot from one.
|
- Or maybe close connections from same IP when we get a lot from one.
|
||||||
- Or maybe block IPs that connect too many times at once.
|
- Or maybe block IPs that connect too many times at once.
|
||||||
- add an AuthDirBadexit torrc option if we decide we want one.
|
D add an AuthDirBadexit torrc option if we decide we want one.
|
||||||
|
|
||||||
- Testing
|
- Testing
|
||||||
N - Hack up a client that gives out weird/no certificates, so we can
|
N - Hack up a client that gives out weird/no certificates, so we can
|
||||||
|
@ -1631,6 +1631,17 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
|||||||
case 200: {
|
case 200: {
|
||||||
trusted_dir_server_t *ds =
|
trusted_dir_server_t *ds =
|
||||||
router_get_trusteddirserver_by_digest(conn->identity_digest);
|
router_get_trusteddirserver_by_digest(conn->identity_digest);
|
||||||
|
char *rejected_hdr = http_get_header(headers,
|
||||||
|
"X-Descriptor-Not-New: ");
|
||||||
|
int rejected = 0;
|
||||||
|
if (rejected_hdr) {
|
||||||
|
if (!strcmp(rejected, "Yes")) {
|
||||||
|
/* XXXX020 use this information; be sure to upload next one
|
||||||
|
* sooner. */
|
||||||
|
rejected = 1;
|
||||||
|
}
|
||||||
|
tor_free(rejected_hdr);
|
||||||
|
}
|
||||||
log_info(LD_GENERAL,"eof (status 200) after uploading server "
|
log_info(LD_GENERAL,"eof (status 200) after uploading server "
|
||||||
"descriptor: finished.");
|
"descriptor: finished.");
|
||||||
control_event_server_status(
|
control_event_server_status(
|
||||||
@ -1898,6 +1909,7 @@ write_http_status_line(dir_connection_t *conn, int status,
|
|||||||
static void
|
static void
|
||||||
write_http_response_header_impl(dir_connection_t *conn, ssize_t length,
|
write_http_response_header_impl(dir_connection_t *conn, ssize_t length,
|
||||||
const char *type, const char *encoding,
|
const char *type, const char *encoding,
|
||||||
|
const cahr *extra_headers,
|
||||||
int cache_lifetime)
|
int cache_lifetime)
|
||||||
{
|
{
|
||||||
char date[RFC1123_TIME_LEN+1];
|
char date[RFC1123_TIME_LEN+1];
|
||||||
@ -1911,9 +1923,13 @@ write_http_response_header_impl(dir_connection_t *conn, ssize_t length,
|
|||||||
format_rfc1123_time(date, now);
|
format_rfc1123_time(date, now);
|
||||||
cp = tmp;
|
cp = tmp;
|
||||||
tor_snprintf(cp, sizeof(tmp),
|
tor_snprintf(cp, sizeof(tmp),
|
||||||
"HTTP/1.0 200 OK\r\nDate: %s\r\nContent-Type: %s\r\n",
|
"HTTP/1.0 200 OK\r\nDate: %s\r\n",
|
||||||
date, type);
|
date);
|
||||||
cp += strlen(tmp);
|
cp += strlen(tmp);
|
||||||
|
if (type) {
|
||||||
|
tor_snprintf(cp, sizeof(tmp)-(cp-tmp), "Content-Type: %s\r\n", type);
|
||||||
|
cp += strlen(cp);
|
||||||
|
}
|
||||||
if (!is_internal_IP(conn->_base.addr, 0)) {
|
if (!is_internal_IP(conn->_base.addr, 0)) {
|
||||||
/* Don't report the source address for a localhost/private connection. */
|
/* Don't report the source address for a localhost/private connection. */
|
||||||
tor_snprintf(cp, sizeof(tmp)-(cp-tmp),
|
tor_snprintf(cp, sizeof(tmp)-(cp-tmp),
|
||||||
@ -1938,12 +1954,14 @@ write_http_response_header_impl(dir_connection_t *conn, ssize_t length,
|
|||||||
tor_snprintf(cp, sizeof(tmp)-(cp-tmp),
|
tor_snprintf(cp, sizeof(tmp)-(cp-tmp),
|
||||||
"Expires: %s\r\n", expbuf);
|
"Expires: %s\r\n", expbuf);
|
||||||
cp += strlen(cp);
|
cp += strlen(cp);
|
||||||
} else {
|
} else if (cache_lifetime == 0) {
|
||||||
/* We could say 'Cache-control: no-cache' here if we start doing
|
/* We could say 'Cache-control: no-cache' here if we start doing
|
||||||
* http/1.1 */
|
* http/1.1 */
|
||||||
strlcpy(cp, "Pragma: no-cache\r\n", sizeof(tmp)-(cp-tmp));
|
strlcpy(cp, "Pragma: no-cache\r\n", sizeof(tmp)-(cp-tmp));
|
||||||
cp += strlen(cp);
|
cp += strlen(cp);
|
||||||
}
|
}
|
||||||
|
if (extra_headers)
|
||||||
|
strlcpy(cp, extra_headers, sizeof(tmp)-(cp-tmp));
|
||||||
if (sizeof(tmp)-(cp-tmp) > 3)
|
if (sizeof(tmp)-(cp-tmp) > 3)
|
||||||
memcpy(cp, "\r\n", 3);
|
memcpy(cp, "\r\n", 3);
|
||||||
else
|
else
|
||||||
@ -1960,6 +1978,7 @@ write_http_response_header(dir_connection_t *conn, ssize_t length,
|
|||||||
write_http_response_header_impl(conn, length,
|
write_http_response_header_impl(conn, length,
|
||||||
deflated?"application/octet-stream":"text/plain",
|
deflated?"application/octet-stream":"text/plain",
|
||||||
deflated?"deflate":"identity",
|
deflated?"deflate":"identity",
|
||||||
|
NULL,
|
||||||
cache_lifetime);
|
cache_lifetime);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2528,7 +2547,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
|
|||||||
case 1: /* valid */
|
case 1: /* valid */
|
||||||
write_http_response_header_impl(conn, desc_len,
|
write_http_response_header_impl(conn, desc_len,
|
||||||
"application/octet-stream",
|
"application/octet-stream",
|
||||||
NULL, 0);
|
NULL, NULL, 0);
|
||||||
note_request("/tor/rendezvous?/", desc_len);
|
note_request("/tor/rendezvous?/", desc_len);
|
||||||
/* need to send descp separately, because it may include nuls */
|
/* need to send descp separately, because it may include nuls */
|
||||||
connection_write_to_buf(descp, desc_len, TO_CONN(conn));
|
connection_write_to_buf(descp, desc_len, TO_CONN(conn));
|
||||||
@ -2685,6 +2704,9 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
|
|||||||
write_http_status_line(conn, 400, msg);
|
write_http_status_line(conn, 400, msg);
|
||||||
break;
|
break;
|
||||||
case 0: /* accepted but discarded */
|
case 0: /* accepted but discarded */
|
||||||
|
write_http_response_header(conn, -1, NULL, NULL,
|
||||||
|
"X-Descriptor-Not-New: Yes\r\n", -1);
|
||||||
|
break;
|
||||||
case 2: /* accepted */
|
case 2: /* accepted */
|
||||||
write_http_status_line(conn, 200, msg);
|
write_http_status_line(conn, 200, msg);
|
||||||
break;
|
break;
|
||||||
|
Loading…
Reference in New Issue
Block a user