Merge branch 'maint-0.4.5' into maint-0.4.6
commit
77b265f96e
@ -384,8 +384,13 @@ protocol_list_supports_protocol_or_later(const char *list,
|
||||
return contains;
|
||||
}
|
||||
|
||||
/*
|
||||
* XXX START OF HAZARDOUS ZONE XXX
|
||||
*/
|
||||
|
||||
/** Return the canonical string containing the list of protocols
|
||||
* that we support. */
|
||||
* that we support.
|
||||
**/
|
||||
/// C_RUST_COUPLED: src/rust/protover/protover.rs `SUPPORTED_PROTOCOLS`
|
||||
const char *
|
||||
protover_get_supported_protocols(void)
|
||||
@ -395,6 +400,38 @@ protover_get_supported_protocols(void)
|
||||
* Remember to edit the SUPPORTED_PROTOCOLS list in protover.rs if you
|
||||
* are editing this list.
|
||||
*/
|
||||
|
||||
/*
|
||||
* XXX: WARNING!
|
||||
*
|
||||
* Be EXTREMELY CAREFUL when *removing* versions from this list. If you
|
||||
* remove an entry while it still appears as "recommended" in the consensus,
|
||||
* you'll cause all the instances without it to warn.
|
||||
*
|
||||
* If you remove an entry while it still appears as "required" in the
|
||||
* consensus, you'll cause all the instances without it to refuse to connect
|
||||
* to the network, and shut down.
|
||||
*
|
||||
* If you need to remove a version from this list, you need to make sure that
|
||||
* it is not listed in the _current consensuses_: just removing it from the
|
||||
* required list below is NOT ENOUGH. You need to remove it from the
|
||||
* required list, and THEN let the authorities upgrade and vote on new
|
||||
* consensuses without it. Only once those consensuses are out is it safe to
|
||||
* remove from this list.
|
||||
*
|
||||
* One concrete example of a very dangerous race that could occur:
|
||||
*
|
||||
* Suppose that the client supports protocols "HsDir=1-2" and the consensus
|
||||
* requires protocols "HsDir=1-2. If the client supported protocol list is
|
||||
* then changed to "HSDir=2", while the consensus stills lists "HSDir=1-2",
|
||||
* then these clients, even very recent ones, will shut down because they
|
||||
* don't support "HSDir=1".
|
||||
*
|
||||
* And so, changes need to be done in strict sequence as described above.
|
||||
*
|
||||
* XXX: WARNING!
|
||||
*/
|
||||
|
||||
return
|
||||
"Cons=1-2 "
|
||||
"Desc=1-2 "
|
||||
@ -414,6 +451,72 @@ protover_get_supported_protocols(void)
|
||||
"Relay=1-3";
|
||||
}
|
||||
|
||||
/*
|
||||
* XXX: WARNING!
|
||||
*
|
||||
* The recommended and required values are hardwired, to avoid disaster. Voting
|
||||
* on the wrong subprotocols here has the potential to take down the network.
|
||||
*
|
||||
* In particular, you need to be EXTREMELY CAREFUL before adding new versions
|
||||
* to the required protocol list. Doing so will cause every relay or client
|
||||
* that doesn't support those versions to refuse to connect to the network and
|
||||
* shut down.
|
||||
*
|
||||
* Note that this applies to versions, not just protocols! If you say that
|
||||
* Foobar=8-9 is required, and the client only has Foobar=9, it will shut down.
|
||||
*
|
||||
* It is okay to do this only for SUPER OLD relays that are not supported on
|
||||
* the network anyway. For clients, we really shouldn't kick them off the
|
||||
* network unless their presence is causing serious active harm.
|
||||
*
|
||||
* The following required and recommended lists MUST be changed BEFORE the
|
||||
* supported list above is changed, so that these lists appear in the
|
||||
* consensus BEFORE clients need them.
|
||||
*
|
||||
* Please, see the warning in protocol_get_supported_versions().
|
||||
*
|
||||
* XXX: WARNING!
|
||||
*/
|
||||
|
||||
/** Return the recommended client protocols list that directory authorities
|
||||
* put in the consensus. */
|
||||
const char *
|
||||
protover_get_recommended_client_protocols(void)
|
||||
{
|
||||
return "Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 "
|
||||
"Link=4-5 Microdesc=2 Relay=2";
|
||||
}
|
||||
|
||||
/** Return the recommended relay protocols list that directory authorities
|
||||
* put in the consensus. */
|
||||
const char *
|
||||
protover_get_recommended_relay_protocols(void)
|
||||
{
|
||||
return "Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 "
|
||||
"Link=4-5 LinkAuth=3 Microdesc=2 Relay=2";
|
||||
}
|
||||
|
||||
/** Return the required client protocols list that directory authorities
|
||||
* put in the consensus. */
|
||||
const char *
|
||||
protover_get_required_client_protocols(void)
|
||||
{
|
||||
return "Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2";
|
||||
}
|
||||
|
||||
/** Return the required relay protocols list that directory authorities
|
||||
* put in the consensus. */
|
||||
const char *
|
||||
protover_get_required_relay_protocols(void)
|
||||
{
|
||||
return "Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 "
|
||||
"Link=4-5 LinkAuth=3 Microdesc=2 Relay=2";
|
||||
}
|
||||
|
||||
/*
|
||||
* XXX END OF HAZARDOUS ZONE XXX
|
||||
*/
|
||||
|
||||
/** The protocols from protover_get_supported_protocols(), as parsed into a
|
||||
* list of proto_entry_t values. Access this via
|
||||
* get_supported_protocol_list. */
|
||||
|
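Review bot: The cross-reference near the end of the second warning block, `Please, see the warning in protocol_get_supported_versions().`, names a function that does not appear in this file section; the warning it points at sits inside `protover_get_supported_protocols()`, so it should read `Please, see the warning in protover_get_supported_protocols().`. The worked example in the first warning block has an unbalanced quote and mixed spelling (`"HsDir=1-2.`, `HsDir` next to `HSDir`, `stills lists`); because the example turns on exact protocol strings, I would write `HSDir` throughout and close the quote. The macro comments this commit removes from dirvote.h cited Proposal 303 for the removal procedure, and the new block does not carry that pointer over; one line such as `See Proposal 303: When and how to remove support for protocol versions.` would keep it.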
@ -73,6 +73,10 @@ bool protover_list_is_invalid(const char *s);
|
||||
int protover_all_supported(const char *s, char **missing);
|
||||
int protover_is_supported_here(protocol_type_t pr, uint32_t ver);
|
||||
const char *protover_get_supported_protocols(void);
|
||||
const char *protover_get_recommended_client_protocols(void);
|
||||
const char *protover_get_recommended_relay_protocols(void);
|
||||
const char *protover_get_required_client_protocols(void);
|
||||
const char *protover_get_required_relay_protocols(void);
|
||||
|
||||
char *protover_compute_vote(const struct smartlist_t *list_of_proto_strings,
|
||||
int threshold);
|
||||
|
@ -4800,16 +4800,14 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
|
||||
v3_out->client_versions = client_versions;
|
||||
v3_out->server_versions = server_versions;
|
||||
|
||||
/* These are hardwired, to avoid disaster. */
|
||||
v3_out->recommended_relay_protocols =
|
||||
tor_strdup(DIRVOTE_RECOMMEND_RELAY_PROTO);
|
||||
tor_strdup(protover_get_recommended_relay_protocols());
|
||||
v3_out->recommended_client_protocols =
|
||||
tor_strdup(DIRVOTE_RECOMMEND_CLIENT_PROTO);
|
||||
|
||||
v3_out->required_relay_protocols =
|
||||
tor_strdup(DIRVOTE_REQUIRE_RELAY_PROTO);
|
||||
tor_strdup(protover_get_recommended_client_protocols());
|
||||
v3_out->required_client_protocols =
|
||||
tor_strdup(DIRVOTE_REQUIRE_CLIENT_PROTO);
|
||||
tor_strdup(protover_get_required_client_protocols());
|
||||
v3_out->required_relay_protocols =
|
||||
tor_strdup(protover_get_required_relay_protocols());
|
||||
|
||||
/* We are not allowed to vote to require anything we don't have. */
|
||||
tor_assert(protover_all_supported(v3_out->required_relay_protocols, NULL));
|
||||
|
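Review bot: The "required must be supported" invariant is enforced here only by a `tor_assert` that runs when an authority builds a vote, and within this hunk it covers `required_relay_protocols` alone; the function continues past the hunk, so the client list may be checked further down. Now that the required and recommended lists sit beside the supported list in protover.c, a unit test can catch a mismatch at build time instead of aborting a running authority, for example `tt_assert(protover_all_supported(protover_get_required_client_protocols(), NULL));` and the same for the other three getters, if no such test already exists. The old `/* These are hardwired, to avoid disaster. */` comment appears to be dropped at this call site, judging by the hunk's line counts; a one-line pointer to the warning block in protover.c would keep readers of dirvote.c aware of the ordering rules.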
@ -268,64 +268,6 @@ STATIC int64_t extract_param_buggy(const char *params,
|
||||
const char *param_name,
|
||||
int64_t default_value);
|
||||
|
||||
/** The recommended relay protocols for this authority's votes.
|
||||
* Recommending a new protocol causes old tor versions to log a warning.
|
||||
*/
|
||||
#define DIRVOTE_RECOMMEND_RELAY_PROTO \
|
||||
"Cons=2 " \
|
||||
"Desc=2 " \
|
||||
"DirCache=2 " \
|
||||
"HSDir=2 " \
|
||||
"HSIntro=4 " \
|
||||
"HSRend=2 " \
|
||||
"Link=4-5 " \
|
||||
"LinkAuth=3 " \
|
||||
"Microdesc=2 " \
|
||||
"Relay=2"
|
||||
|
||||
/** The recommended client protocols for this authority's votes.
|
||||
* Recommending a new protocol causes old tor versions to log a warning.
|
||||
*/
|
||||
#define DIRVOTE_RECOMMEND_CLIENT_PROTO \
|
||||
"Cons=2 " \
|
||||
"Desc=2 " \
|
||||
"DirCache=2 " \
|
||||
"HSDir=2 " \
|
||||
"HSIntro=4 " \
|
||||
"HSRend=2 " \
|
||||
"Link=4-5 " \
|
||||
"Microdesc=2 " \
|
||||
"Relay=2"
|
||||
|
||||
/** The required relay protocols for this authority's votes.
|
||||
* WARNING: Requiring a new protocol causes old tor versions to shut down.
|
||||
* Requiring the wrong protocols can break the tor network.
|
||||
* See Proposal 303: When and how to remove support for protocol versions.
|
||||
*/
|
||||
#define DIRVOTE_REQUIRE_RELAY_PROTO \
|
||||
"Cons=2 " \
|
||||
"Desc=2 " \
|
||||
"DirCache=2 " \
|
||||
"HSDir=2 " \
|
||||
"HSIntro=4 " \
|
||||
"HSRend=2 " \
|
||||
"Link=4-5 " \
|
||||
"LinkAuth=3 " \
|
||||
"Microdesc=2 " \
|
||||
"Relay=2"
|
||||
|
||||
/** The required relay protocols for this authority's votes.
|
||||
* WARNING: Requiring a new protocol causes old tor versions to shut down.
|
||||
* Requiring the wrong protocols can break the tor network.
|
||||
* See Proposal 303: When and how to remove support for protocol versions.
|
||||
*/
|
||||
#define DIRVOTE_REQUIRE_CLIENT_PROTO \
|
||||
"Cons=2 " \
|
||||
"Desc=2 " \
|
||||
"Link=4 " \
|
||||
"Microdesc=2 " \
|
||||
"Relay=2"
|
||||
|
||||
#endif /* defined(DIRVOTE_PRIVATE) */
|
||||
|
||||
#endif /* !defined(TOR_DIRVOTE_H) */
|
||||
|
@ -606,10 +606,10 @@ test_protover_vote_roundtrip_ours(void *args)
|
||||
(void) args;
|
||||
const char *examples[] = {
|
||||
protover_get_supported_protocols(),
|
||||
DIRVOTE_RECOMMEND_RELAY_PROTO,
|
||||
DIRVOTE_RECOMMEND_CLIENT_PROTO,
|
||||
DIRVOTE_REQUIRE_RELAY_PROTO,
|
||||
DIRVOTE_REQUIRE_CLIENT_PROTO,
|
||||
protover_get_recommended_client_protocols(),
|
||||
protover_get_recommended_relay_protocols(),
|
||||
protover_get_required_client_protocols(),
|
||||
protover_get_required_relay_protocols(),
|
||||
};
|
||||
unsigned u;
|
||||
smartlist_t *votes = smartlist_new();
|
||||
|