Merge branch 'maint-0.4.5' into maint-0.4.6

This commit is contained in:
David Goulet 2021-11-05 10:44:10 -04:00
commit 77b265f96e
5 changed files with 117 additions and 70 deletions

View File

@ -384,8 +384,13 @@ protocol_list_supports_protocol_or_later(const char *list,
return contains;
}
/*
* XXX START OF HAZARDOUS ZONE XXX
*/
/** Return the canonical string containing the list of protocols
* that we support. */
* that we support.
**/
/// C_RUST_COUPLED: src/rust/protover/protover.rs `SUPPORTED_PROTOCOLS`
const char *
protover_get_supported_protocols(void)
@ -395,6 +400,38 @@ protover_get_supported_protocols(void)
* Remember to edit the SUPPORTED_PROTOCOLS list in protover.rs if you
* are editing this list.
*/
/*
* XXX: WARNING!
*
* Be EXTREMELY CAREFUL when *removing* versions from this list. If you
* remove an entry while it still appears as "recommended" in the consensus,
* you'll cause all the instances without it to warn.
*
* If you remove an entry while it still appears as "required" in the
* consensus, you'll cause all the instances without it to refuse to connect
* to the network, and shut down.
*
* If you need to remove a version from this list, you need to make sure that
* it is not listed in the _current consensuses_: just removing it from the
* required list below is NOT ENOUGH. You need to remove it from the
* required list, and THEN let the authorities upgrade and vote on new
* consensuses without it. Only once those consensuses are out is it safe to
* remove from this list.
*
* One concrete example of a very dangerous race that could occur:
*
* Suppose that the client supports protocols "HsDir=1-2" and the consensus
* requires protocols "HsDir=1-2. If the client supported protocol list is
* then changed to "HSDir=2", while the consensus stills lists "HSDir=1-2",
* then these clients, even very recent ones, will shut down because they
* don't support "HSDir=1".
*
* And so, changes need to be done in strict sequence as described above.
*
* XXX: WARNING!
*/
return
"Cons=1-2 "
"Desc=1-2 "
@ -414,6 +451,72 @@ protover_get_supported_protocols(void)
"Relay=1-3";
}
/*
* XXX: WARNING!
*
* The recommended and required values are hardwired, to avoid disaster. Voting
* on the wrong subprotocols here has the potential to take down the network.
*
* In particular, you need to be EXTREMELY CAREFUL before adding new versions
* to the required protocol list. Doing so will cause every relay or client
* that doesn't support those versions to refuse to connect to the network and
* shut down.
*
* Note that this applies to versions, not just protocols! If you say that
* Foobar=8-9 is required, and the client only has Foobar=9, it will shut down.
*
* It is okay to do this only for SUPER OLD relays that are not supported on
* the network anyway. For clients, we really shouldn't kick them off the
* network unless their presence is causing serious active harm.
*
* The following required and recommended lists MUST be changed BEFORE the
* supported list above is changed, so that these lists appear in the
* consensus BEFORE clients need them.
*
* Please, see the warning in protocol_get_supported_versions().
*
* XXX: WARNING!
*/
/** Return the recommended client protocols list that directory authorities
* put in the consensus. */
const char *
protover_get_recommended_client_protocols(void)
{
return "Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 "
"Link=4-5 Microdesc=2 Relay=2";
}
/** Return the recommended relay protocols list that directory authorities
* put in the consensus. */
const char *
protover_get_recommended_relay_protocols(void)
{
return "Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 "
"Link=4-5 LinkAuth=3 Microdesc=2 Relay=2";
}
/** Return the required client protocols list that directory authorities
* put in the consensus. */
const char *
protover_get_required_client_protocols(void)
{
return "Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2";
}
/** Return the required relay protocols list that directory authorities
* put in the consensus. */
const char *
protover_get_required_relay_protocols(void)
{
return "Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 "
"Link=4-5 LinkAuth=3 Microdesc=2 Relay=2";
}
/*
* XXX END OF HAZARDOUS ZONE XXX
*/
/** The protocols from protover_get_supported_protocols(), as parsed into a
* list of proto_entry_t values. Access this via
* get_supported_protocol_list. */

View File

@ -73,6 +73,10 @@ bool protover_list_is_invalid(const char *s);
int protover_all_supported(const char *s, char **missing);
int protover_is_supported_here(protocol_type_t pr, uint32_t ver);
const char *protover_get_supported_protocols(void);
const char *protover_get_recommended_client_protocols(void);
const char *protover_get_recommended_relay_protocols(void);
const char *protover_get_required_client_protocols(void);
const char *protover_get_required_relay_protocols(void);
char *protover_compute_vote(const struct smartlist_t *list_of_proto_strings,
int threshold);

View File

@ -4800,16 +4800,14 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
v3_out->client_versions = client_versions;
v3_out->server_versions = server_versions;
/* These are hardwired, to avoid disaster. */
v3_out->recommended_relay_protocols =
tor_strdup(DIRVOTE_RECOMMEND_RELAY_PROTO);
tor_strdup(protover_get_recommended_relay_protocols());
v3_out->recommended_client_protocols =
tor_strdup(DIRVOTE_RECOMMEND_CLIENT_PROTO);
v3_out->required_relay_protocols =
tor_strdup(DIRVOTE_REQUIRE_RELAY_PROTO);
tor_strdup(protover_get_recommended_client_protocols());
v3_out->required_client_protocols =
tor_strdup(DIRVOTE_REQUIRE_CLIENT_PROTO);
tor_strdup(protover_get_required_client_protocols());
v3_out->required_relay_protocols =
tor_strdup(protover_get_required_relay_protocols());
/* We are not allowed to vote to require anything we don't have. */
tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));

View File

@ -268,64 +268,6 @@ STATIC int64_t extract_param_buggy(const char *params,
const char *param_name,
int64_t default_value);
/** The recommended relay protocols for this authority's votes.
* Recommending a new protocol causes old tor versions to log a warning.
*/
#define DIRVOTE_RECOMMEND_RELAY_PROTO \
"Cons=2 " \
"Desc=2 " \
"DirCache=2 " \
"HSDir=2 " \
"HSIntro=4 " \
"HSRend=2 " \
"Link=4-5 " \
"LinkAuth=3 " \
"Microdesc=2 " \
"Relay=2"
/** The recommended client protocols for this authority's votes.
* Recommending a new protocol causes old tor versions to log a warning.
*/
#define DIRVOTE_RECOMMEND_CLIENT_PROTO \
"Cons=2 " \
"Desc=2 " \
"DirCache=2 " \
"HSDir=2 " \
"HSIntro=4 " \
"HSRend=2 " \
"Link=4-5 " \
"Microdesc=2 " \
"Relay=2"
/** The required relay protocols for this authority's votes.
* WARNING: Requiring a new protocol causes old tor versions to shut down.
* Requiring the wrong protocols can break the tor network.
* See Proposal 303: When and how to remove support for protocol versions.
*/
#define DIRVOTE_REQUIRE_RELAY_PROTO \
"Cons=2 " \
"Desc=2 " \
"DirCache=2 " \
"HSDir=2 " \
"HSIntro=4 " \
"HSRend=2 " \
"Link=4-5 " \
"LinkAuth=3 " \
"Microdesc=2 " \
"Relay=2"
/** The required relay protocols for this authority's votes.
* WARNING: Requiring a new protocol causes old tor versions to shut down.
* Requiring the wrong protocols can break the tor network.
* See Proposal 303: When and how to remove support for protocol versions.
*/
#define DIRVOTE_REQUIRE_CLIENT_PROTO \
"Cons=2 " \
"Desc=2 " \
"Link=4 " \
"Microdesc=2 " \
"Relay=2"
#endif /* defined(DIRVOTE_PRIVATE) */
#endif /* !defined(TOR_DIRVOTE_H) */

View File

@ -606,10 +606,10 @@ test_protover_vote_roundtrip_ours(void *args)
(void) args;
const char *examples[] = {
protover_get_supported_protocols(),
DIRVOTE_RECOMMEND_RELAY_PROTO,
DIRVOTE_RECOMMEND_CLIENT_PROTO,
DIRVOTE_REQUIRE_RELAY_PROTO,
DIRVOTE_REQUIRE_CLIENT_PROTO,
protover_get_recommended_client_protocols(),
protover_get_recommended_relay_protocols(),
protover_get_required_client_protocols(),
protover_get_required_relay_protocols(),
};
unsigned u;
smartlist_t *votes = smartlist_new();