Add two new networkstatus parameters to emulate AssumeReachable.

These parameters do not suppress checks, but they tell relays that
it's okay to publish even when those checks fail.

I have chosen lowercase hyphenated names, since these seem to be
more common in networkstatus params.

Closes #33224 and part of #34064.

changes/ticket34064

@@ -0,0 +1,5 @@
+  o Minor features (relay, ipv6):
+    - Add new "assume-reachable" and "assume-reachable-ipv6" parameters
+      to be used in an emergency to tell relays that they should publish
+      even if they cannot complete their ORPort self-checks.
+      Closes ticket 34064 and part of 33224.

src/feature/nodelist/networkstatus.c

@@ -1698,6 +1698,7 @@ notify_after_networkstatus_changes(void)
                                  get_circuit_build_times_mutable(), c);
   channelpadding_new_consensus_params(c);
   circpad_new_consensus_params(c);
+  router_new_consensus_params(c);
 }
 
 /** Copy all the ancillary information (like router download status and so on)

src/feature/relay/router.c

@@ -1335,6 +1335,17 @@ should_refuse_unknown_exits(const or_options_t *options)
   }
 }
 
+/**
+ * If true, then we will publish our descriptor even if our own IPv4 ORPort
+ * seems to be unreachable.
+ **/
+static bool publish_even_when_ipv4_orport_unreachable = false;
+/**
+ * If true, then we will publish our descriptor even if our own IPv6 ORPort
+ * seems to be unreachable.
+ **/
+static bool publish_even_when_ipv6_orport_unreachable = false;
+
 /** Decide if we're a publishable server. We are a publishable server if:
  * - We don't have the ClientOnly option set
  * and
@@ -1363,8 +1374,18 @@ decide_if_publishable_server(void)
     return 1;
   if (!router_get_advertised_or_port(options))
     return 0;
-  if (!router_all_orports_seem_reachable(options))
-    return 0;
+  if (!router_orport_seems_reachable(AF_INET)) {
+    // We have an ipv4 orport, and it doesn't seem reachable.
+    if (!publish_even_when_ipv4_orport_unreachable) {
+      return 0;
+    }
+  }
+  if (!router_orport_seems_reachable(AF_INET6)) {
+    // We have an ipv6 orport, and it doesn't seem reachable.
+    if (!publish_even_when_ipv6_orport_unreachable) {
+      return 0;
+    }
+  }
   if (router_have_consensus_path() == CONSENSUS_PATH_INTERNAL) {
     /* All set: there are no exits in the consensus (maybe this is a tiny
      * test network), so we can't check our DirPort reachability. */
@@ -2388,6 +2409,24 @@ router_rebuild_descriptor(int force)
   return 0;
 }
 
+/** Called when we have a new set of consensus parameters. */
+void
+router_new_consensus_params(const networkstatus_t *ns)
+{
+  const int32_t DEFAULT_ASSUME_REACHABLE = 0;
+  const int32_t DEFAULT_ASSUME_REACHABLE_IPV6 = 0;
+  int ar, ar6;
+  ar = networkstatus_get_param(ns,
+                               "assume-reachable",
+                               DEFAULT_ASSUME_REACHABLE, 0, 1);
+  ar6 = networkstatus_get_param(ns,
+                                "assume-reachable-ipv6",
+                                DEFAULT_ASSUME_REACHABLE_IPV6, 0, 1);
+
+  publish_even_when_ipv4_orport_unreachable = ar;
+  publish_even_when_ipv6_orport_unreachable = ar || ar6;
+}
+
 /** If our router descriptor ever goes this long without being regenerated
  * because something changed, we force an immediate regenerate-and-upload. */
 #define FORCE_REGENERATE_DESCRIPTOR_INTERVAL (18*60*60)

src/feature/relay/router.h

@@ -34,6 +34,7 @@ void set_server_identity_key(crypto_pk_t *k);
 MOCK_DECL(crypto_pk_t *,get_server_identity_key,(void));
 #else
 #define get_server_identity_key() (tor_abort_(),NULL)
+#define router_new_consensus_params(c) ((void)(c))
 #endif
 int server_identity_key_is_set(void);
 void set_client_identity_key(crypto_pk_t *k);
@@ -81,6 +82,7 @@ int router_should_advertise_dirport(const or_options_t *options,
 void consider_publishable_server(int force);
 int should_refuse_unknown_exits(const or_options_t *options);
 
+void router_new_consensus_params(const networkstatus_t *);
 void router_upload_dir_desc_to_dirservers(int force);
 void mark_my_descriptor_dirty_if_too_old(time_t now);
 void mark_my_descriptor_dirty(const char *reason);