nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 12:23:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add scary warnings about changing the protover list.

Browse Source 
Doing this in the wrong way has potential to cause serious havoc on
the network, so let's make it harder for future programmers to mess
it up.
This commit is contained in:
Nick Mathewson 2021-11-05 09:15:10 -04:00
parent cfd1482f78
commit 7c085490f5
2 changed files with 45 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/core/or/protover.c
View File

@ -377,11 +377,31 @@ protocol_list_supports_protocol_or_later(const char *list,
} }
/** Return the canonical string containing the list of protocols /** Return the canonical string containing the list of protocols
* that we support. */ * that we support.
**/
/// C_RUST_COUPLED: src/rust/protover/protover.rs `SUPPORTED_PROTOCOLS` /// C_RUST_COUPLED: src/rust/protover/protover.rs `SUPPORTED_PROTOCOLS`
const char * const char *
protover_get_supported_protocols(void) protover_get_supported_protocols(void)
{ {
/*
* WARNING!
*
* Be EXTREMELY CAREFUL when *removing* versions from this list. If you
* remove an entry while it still appears as "recommended" in the consensus,
* you'll cause all the instances without it to warn. If you remove an entry
* while it still appears as "required" in the consensus, you'll cause
* all the instances without it to refuse to connect to the network, and
* shut down.
*
* If you need to remove a version from this list, you need to make sure
* that it is not listed in the _current consensuses_: just removing it from
* the required list in dirvote.c is NOT ENOUGH. You need to remove it from
* the required list dirvote.c, and THEN let the authorities update and vote
* on new consensuses without it. Only once those consensuses are out is
* it safe to remove from this list.
*
* WARNING!
*/
return return
"Cons=1-2 " "Cons=1-2 "
"Desc=1-2 " "Desc=1-2 "

24
src/feature/dirauth/dirvote.c
View File

@ -4577,7 +4577,29 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
v3_out->client_versions = client_versions; v3_out->client_versions = client_versions;
v3_out->server_versions = server_versions; v3_out->server_versions = server_versions;
/* These are hardwired, to avoid disaster. */ /*
* WARNING!
*
* These values are hardwired, to avoid disaster. Voting on the wrong
* subprotocols here has the potential to take down the network.
*
* In particular, you need to be EXTREMELY CAREFUL before adding new
* versions to the required protocol list. Doing so will cause every relay
* or client that doesn't support those versions to refuse to connect to the
* network and shut down.
*
* Note that this applies to versions, not just protocols! If you say that
* Foobar=8-9 is required, and the client only has Foobar=9, it will shut
* down.
*
* It is okay to do this only for SUPER OLD relays that are not supported on
* the network anyway. For clients, we really shouldn't kick them off the
* network unless their presence is causing serious active harm.
*
* See also the warning in protocol_get_supported_versions().
*
* WARNING!
*/
v3_out->recommended_relay_protocols = v3_out->recommended_relay_protocols =
tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 " tor_strdup("Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
"Link=4 Microdesc=1-2 Relay=2"); "Link=4 Microdesc=1-2 Relay=2");