From ea91edff15014eb24458cb0309e22d761cb170c1 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 08:24:46 -0500 Subject: [PATCH 01/19] Dirauth options: move versioning options to dirauth module This commit moves VersioningAuthoritativeDirectory, RecommendedClientVersions, and RecommendedServerVersions. --- src/app/config/config.c | 4 -- src/app/config/or_options_st.h | 8 --- src/feature/dirauth/dirauth_config.c | 71 ++++++++++++++++++------- src/feature/dirauth/dirauth_options.inc | 13 +++++ src/feature/dirauth/dirvote.c | 7 +-- src/test/test_options.c | 25 +++++++-- 6 files changed, 90 insertions(+), 38 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 680a7eeefa..095c12109c 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -623,9 +623,6 @@ static const config_var_t option_vars_[] = { V(ReachableAddresses, LINELIST, NULL), V(ReachableDirAddresses, LINELIST, NULL), V(ReachableORAddresses, LINELIST, NULL), - V(RecommendedVersions, LINELIST, NULL), - V(RecommendedClientVersions, LINELIST, NULL), - V(RecommendedServerVersions, LINELIST, NULL), OBSOLETE("RecommendedPackages"), V(ReducedConnectionPadding, BOOL, "0"), V(ConnectionPadding, AUTOBOOL, "auto"), @@ -703,7 +700,6 @@ static const config_var_t option_vars_[] = { V(V3AuthUseLegacyKey, BOOL, "0"), V(V3BandwidthsFile, FILENAME, NULL), V(GuardfractionFile, FILENAME, NULL), - VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"), OBSOLETE("VoteOnHidServDirectoriesV2"), V(VirtualAddrNetworkIPv4, STRING, "127.192.0.0/10"), V(VirtualAddrNetworkIPv6, STRING, "[FE80::]/10"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index e63ae2510f..037dbf5a32 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -113,11 +113,6 @@ struct or_options_t { * [][0] is IPv4, [][1] is IPv6 */ tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; - /** Directory server only: which versions of - * Tor should we tell users to run? */ - struct config_line_t *RecommendedVersions; - struct config_line_t *RecommendedClientVersions; - struct config_line_t *RecommendedServerVersions; /** Whether dirservers allow router descriptors with private IPs. */ int DirAllowPrivateAddresses; /** Whether routers accept EXTEND cells to routers with private IPs. */ @@ -192,9 +187,6 @@ struct or_options_t { int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */ int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory * for version 3 directories? */ - int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative - * directory that's willing to recommend - * versions? */ int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory * that aggregates bridge descriptors? */ diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index b7e160c241..821ea38acd 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -73,24 +73,6 @@ options_validate_dirauth_mode(const or_options_t *old_options, if (!options->ContactInfo && !options->TestingTorNetwork) REJECT("Authoritative directory servers must set ContactInfo"); - if (!options->RecommendedClientVersions) - options->RecommendedClientVersions = - config_lines_dup(options->RecommendedVersions); - if (!options->RecommendedServerVersions) - options->RecommendedServerVersions = - config_lines_dup(options->RecommendedVersions); - if (options->VersioningAuthoritativeDir && - (!options->RecommendedClientVersions || - !options->RecommendedServerVersions)) - REJECT("Versioning authoritative dir servers must set " - "Recommended*Versions."); - - char *t; - /* Call these functions to produce warnings only. */ - t = format_recommended_version_list(options->RecommendedClientVersions, 1); - tor_free(t); - t = format_recommended_version_list(options->RecommendedServerVersions, 1); - tor_free(t); if (options->UseEntryGuards) { log_info(LD_CONFIG, "Authoritative directory servers can't set " @@ -441,6 +423,55 @@ options_act_dirauth_stats(const or_options_t *old_options, return 0; } +/** + * Make any necessary modifications to a dirauth_options_t that occur + * before validation. On success return 0; on failure return -1 and + * set *msg_out to a newly allocated error string. + **/ +static int +dirauth_options_pre_normalize(void *arg, char **msg_out) +{ + dirauth_options_t *options = arg; + (void)msg_out; + + if (!options->RecommendedClientVersions) + options->RecommendedClientVersions = + config_lines_dup(options->RecommendedVersions); + if (!options->RecommendedServerVersions) + options->RecommendedServerVersions = + config_lines_dup(options->RecommendedVersions); + + return 0; +} + +/** + * Check whether a dirauth_options_t is correct. + * + * On success return 0; on failure return -1 and set *msg_out to a + * newly allocated error string. + **/ +static int +dirauth_options_validate(const void *arg, char **msg) +{ + const dirauth_options_t *options = arg; + + if (options->VersioningAuthoritativeDirectory && + (!options->RecommendedClientVersions || + !options->RecommendedServerVersions)) { + REJECT("Versioning authoritative dir servers must set " + "Recommended*Versions."); + } + + char *t; + /* Call these functions to produce warnings only. */ + t = format_recommended_version_list(options->RecommendedClientVersions, 1); + tor_free(t); + t = format_recommended_version_list(options->RecommendedServerVersions, 1); + tor_free(t); + + return 0; +} + /* Declare the options field table for dirauth_options */ #define CONF_CONTEXT TABLE #include "feature/dirauth/dirauth_options.inc" @@ -458,5 +489,7 @@ const config_format_t dirauth_options_fmt = { DIRAUTH_OPTIONS_MAGIC, offsetof(dirauth_options_t, magic) }, .vars = dirauth_options_t_vars, -}; + .pre_normalize_fn = dirauth_options_pre_normalize, + .validate_fn = dirauth_options_validate +}; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index 6b66f1e289..f9ca2bb4dc 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -15,4 +15,17 @@ BEGIN_CONF_STRUCT(dirauth_options_t) /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") +/** Which versions of tor should we tell users to run? */ +CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) + +/** Which versions of tor should we tell users to run on clients? */ +CONF_VAR(RecommendedClientVersions, LINELIST, 0, NULL) + +/** Which versions of tor should we tell users to run on relays? */ +CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL) + +/** Boolean: is this an authoritative directory that's willing to recommend + * versions? */ +CONF_VAR(VersioningAuthoritativeDirectory, BOOL, 0, "0") + END_CONF_STRUCT(dirauth_options_t) diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index 13003bf639..acb6617178 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -4419,6 +4419,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, authority_cert_t *cert) { const or_options_t *options = get_options(); + const dirauth_options_t *d_options = dirauth_get_options(); networkstatus_t *v3_out = NULL; uint32_t addr; char *hostname = NULL, *client_versions = NULL, *server_versions = NULL; @@ -4458,11 +4459,11 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, hostname = tor_dup_ip(addr); } - if (options->VersioningAuthoritativeDir) { + if (d_options->VersioningAuthoritativeDirectory) { client_versions = - format_recommended_version_list(options->RecommendedClientVersions, 0); + format_recommended_version_list(d_options->RecommendedClientVersions, 0); server_versions = - format_recommended_version_list(options->RecommendedServerVersions, 0); + format_recommended_version_list(d_options->RecommendedServerVersions, 0); } contact = get_options()->ContactInfo; diff --git a/src/test/test_options.c b/src/test/test_options.c index e3b86c81ad..fe21cc96fd 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -10,6 +10,8 @@ #include "lib/confmgt/confmgt.h" #include "app/config/config.h" #include "feature/dirauth/dirauth_config.h" +#include "feature/dirauth/dirauth_options_st.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/relay/relay_config.h" #include "test/test.h" #include "lib/geoip/geoip.h" @@ -752,6 +754,14 @@ test_options_validate__logs(void *ignored) /* return config_line; */ /* } */ +static dirauth_options_t * +get_dirauth_options(or_options_t *opt) +{ + int idx = subsystems_get_options_idx(&sys_dirauth); + tor_assert(idx >= 0); + return config_mgr_get_obj_mutable(get_options_mgr(), opt, idx); +} + static void test_options_validate__authdir(void *ignored) { @@ -762,6 +772,7 @@ test_options_validate__authdir(void *ignored) options_test_data_t *tdata = get_options_test_data( ENABLE_AUTHORITY_V3_MIN "Address this.should.not!exist!.example.org"); + const dirauth_options_t *da_opt; sandbox_disable_getaddrinfo_cache(); @@ -820,8 +831,9 @@ test_options_validate__authdir(void *ignored) "RecommendedVersions 1.2, 3.14\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); - tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14"); - tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14"); + da_opt = get_dirauth_options(tdata->opt); + tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14"); + tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14"); tor_free(msg); free_options_test_data(tdata); @@ -831,8 +843,9 @@ test_options_validate__authdir(void *ignored) "RecommendedServerVersions 4.18\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); - tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "25"); - tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "4.18"); + da_opt = get_dirauth_options(tdata->opt); + tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "25"); + tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "4.18"); tor_free(msg); free_options_test_data(tdata); @@ -843,6 +856,7 @@ test_options_validate__authdir(void *ignored) "RecommendedServerVersions 4.18\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); + da_opt = get_dirauth_options(tdata->opt); tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)" "AuthoritativeDir is set."); tor_free(msg); @@ -853,6 +867,7 @@ test_options_validate__authdir(void *ignored) "RecommendedServerVersions 4.18\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); + da_opt = get_dirauth_options(tdata->opt); tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set " "Recommended*Versions."); tor_free(msg); @@ -863,9 +878,11 @@ test_options_validate__authdir(void *ignored) "RecommendedClientVersions 4.18\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); + da_opt = get_dirauth_options(tdata->opt); tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set " "Recommended*Versions."); tor_free(msg); + da_opt = NULL; free_options_test_data(tdata); tdata = get_options_test_data(ENABLE_AUTHORITY_V3 From 7d5e360c3b74e52ecc997a6accefd39fbbd6f092 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 08:50:19 -0500 Subject: [PATCH 02/19] Move BW-guarantee options in to dirauth module. --- src/app/config/config.c | 4 --- src/app/config/or_options_st.h | 8 ----- src/feature/dirauth/dirauth_config.c | 40 +++++-------------------- src/feature/dirauth/dirauth_config.h | 6 ---- src/feature/dirauth/dirauth_options.inc | 8 +++++ src/feature/dirauth/voteflags.c | 14 +++++---- 6 files changed, 24 insertions(+), 56 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 095c12109c..f3d889edb6 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -329,8 +329,6 @@ static const config_var_t option_vars_[] = { V(AuthDirBadExitCCs, CSV, ""), V(AuthDirInvalid, LINELIST, NULL), V(AuthDirInvalidCCs, CSV, ""), - V(AuthDirFastGuarantee, MEMUNIT, "100 KB"), - V(AuthDirGuardBWGuarantee, MEMUNIT, "2 MB"), V(AuthDirPinKeys, BOOL, "1"), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectCCs, CSV, ""), @@ -3876,8 +3874,6 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) if (options_validate_relay_bandwidth(old_options, options, msg) < 0) return -1; - if (options_validate_dirauth_bandwidth(old_options, options, msg) < 0) - return -1; if (options->BandwidthRate > options->BandwidthBurst) REJECT("BandwidthBurst must be at least equal to BandwidthRate."); diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 037dbf5a32..9d58633aab 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -462,14 +462,6 @@ struct or_options_t { int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */ int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ - /** If non-zero, always vote the Fast flag for any relay advertising - * this amount of capacity or more. */ - uint64_t AuthDirFastGuarantee; - - /** If non-zero, this advertised capacity or more is always sufficient - * to satisfy the bandwidth requirement for the Guard flag. */ - uint64_t AuthDirGuardBWGuarantee; - char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index 821ea38acd..ccece9721d 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -117,39 +117,6 @@ options_validate_dirauth_mode(const or_options_t *old_options, return 0; } -/** - * Legacy validation/normalization function for the dirauth bandwidth options - * in options. Uses old_options as the previous options. - * - * Returns 0 on success, returns -1 and sets *msg to a newly allocated string - * on error. - */ -int -options_validate_dirauth_bandwidth(const or_options_t *old_options, - or_options_t *options, - char **msg) -{ - (void)old_options; - - if (BUG(!options)) - return -1; - - if (BUG(!msg)) - return -1; - - if (!authdir_mode(options)) - return 0; - - if (config_ensure_bandwidth_cap(&options->AuthDirFastGuarantee, - "AuthDirFastGuarantee", msg) < 0) - return -1; - if (config_ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee, - "AuthDirGuardBWGuarantee", msg) < 0) - return -1; - - return 0; -} - /** * Legacy validation/normalization function for the dirauth schedule options * in options. Uses old_options as the previous options. @@ -441,6 +408,13 @@ dirauth_options_pre_normalize(void *arg, char **msg_out) options->RecommendedServerVersions = config_lines_dup(options->RecommendedVersions); + if (config_ensure_bandwidth_cap(&options->AuthDirFastGuarantee, + "AuthDirFastGuarantee", msg_out) < 0) + return -1; + if (config_ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee, + "AuthDirGuardBWGuarantee", msg_out) < 0) + return -1; + return 0; } diff --git a/src/feature/dirauth/dirauth_config.h b/src/feature/dirauth/dirauth_config.h index d21fb69d1e..163f036e11 100644 --- a/src/feature/dirauth/dirauth_config.h +++ b/src/feature/dirauth/dirauth_config.h @@ -22,10 +22,6 @@ int options_validate_dirauth_mode(const struct or_options_t *old_options, struct or_options_t *options, char **msg); -int options_validate_dirauth_bandwidth(const struct or_options_t *old_options, - struct or_options_t *options, - char **msg); - int options_validate_dirauth_schedule(const struct or_options_t *old_options, struct or_options_t *options, char **msg); @@ -67,8 +63,6 @@ options_validate_dirauth_mode(const struct or_options_t *old_options, return 0; } -#define options_validate_dirauth_bandwidth(old_options, options, msg) \ - (((void)(old_options)),((void)(options)),((void)(msg)),0) #define options_validate_dirauth_schedule(old_options, options, msg) \ (((void)(old_options)),((void)(options)),((void)(msg)),0) #define options_validate_dirauth_testing(old_options, options, msg) \ diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index f9ca2bb4dc..1870f46511 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -12,6 +12,14 @@ /** Holds configuration about our directory authority options. */ BEGIN_CONF_STRUCT(dirauth_options_t) +/** If non-zero, always vote the Fast flag for any relay advertising + * this amount of capacity or more. */ +CONF_VAR(AuthDirFastGuarantee, MEMUNIT, 0, "100 KB") + +/** If non-zero, this advertised capacity or more is always sufficient + * to satisfy the bandwidth requirement for the Guard flag. */ +CONF_VAR(AuthDirGuardBWGuarantee, MEMUNIT, 0, "2 MB") + /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index f552af98c4..7129418a0a 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -18,6 +18,7 @@ #include "core/or/policies.h" #include "feature/dirauth/bwauth.h" #include "feature/dirauth/reachability.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/hibernate/hibernate.h" #include "feature/nodelist/dirlist.h" #include "feature/nodelist/networkstatus.h" @@ -27,6 +28,7 @@ #include "feature/relay/router.h" #include "feature/stats/rephist.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/node_st.h" #include "feature/nodelist/routerinfo_st.h" #include "feature/nodelist/routerlist_st.h" @@ -352,9 +354,11 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) } /* Protect sufficiently fast nodes from being pushed out of the set * of Fast nodes. */ - if (options->AuthDirFastGuarantee && - fast_bandwidth_kb > options->AuthDirFastGuarantee/1000) - fast_bandwidth_kb = (uint32_t)options->AuthDirFastGuarantee/1000; + { + const uint64_t fast_opt = dirauth_get_options()->AuthDirFastGuarantee; + if (fast_opt && fast_bandwidth_kb > fast_opt / 1000) + fast_bandwidth_kb = (uint32_t)(fast_opt / 1000); + } /* Now that we have a time-known that 7/8 routers are known longer than, * fill wfus with the wfu of every such "familiar" router. */ @@ -571,10 +575,10 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, set_routerstatus_from_routerinfo(rs, node, ri); /* Override rs->is_possible_guard. */ + const uint64_t bw_opt = dirauth_get_options()->AuthDirGuardBWGuarantee; if (node->is_fast && node->is_stable && ri->supports_tunnelled_dir_requests && - ((options->AuthDirGuardBWGuarantee && - routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) || + ((bw_opt && routerbw_kb >= bw_opt / 1000) || routerbw_kb >= MIN(guard_bandwidth_including_exits_kb, guard_bandwidth_excluding_exits_kb))) { long tk = rep_hist_get_weighted_time_known( From bc0f1076d53e57d1a4ba19170a1c27d9eaee34e8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:18:03 -0500 Subject: [PATCH 03/19] Move get_foo_options() test helpers into a new test module. Some of these helpers will be needed in multiple places in the unit tests, so we should move them now. --- src/test/include.am | 2 ++ src/test/opts_test_helpers.c | 38 ++++++++++++++++++++++++++++++++++++ src/test/opts_test_helpers.h | 22 +++++++++++++++++++++ src/test/test_options.c | 17 +--------------- 4 files changed, 63 insertions(+), 16 deletions(-) create mode 100644 src/test/opts_test_helpers.c create mode 100644 src/test/opts_test_helpers.h diff --git a/src/test/include.am b/src/test/include.am index 94352c8644..210f575db0 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -107,6 +107,7 @@ src_test_test_SOURCES += \ src/test/fakecircs.c \ src/test/log_test_helpers.c \ src/test/hs_test_helpers.c \ + src/test/opts_test_helpers.c \ src/test/rend_test_helpers.c \ src/test/resolve_test_helpers.c \ src/test/rng_test_helpers.c \ @@ -351,6 +352,7 @@ noinst_HEADERS+= \ src/test/fakecircs.h \ src/test/hs_test_helpers.h \ src/test/log_test_helpers.h \ + src/test/opts_test_helpers.h \ src/test/rend_test_helpers.h \ src/test/resolve_test_helpers.h \ src/test/rng_test_helpers.h \ diff --git a/src/test/opts_test_helpers.c b/src/test/opts_test_helpers.c new file mode 100644 index 0000000000..619ca40733 --- /dev/null +++ b/src/test/opts_test_helpers.c @@ -0,0 +1,38 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file opts_testing_helpers.c + * @brief Helper functions to access module-specific config options. + **/ + +#include "orconfig.h" +#include "test/opts_test_helpers.h" + +#define CONFIG_PRIVATE +#include "core/or/or.h" +#include "lib/confmgt/confmgt.h" +#include "app/main/subsysmgr.h" +#include "app/config/config.h" + +#include "lib/crypt_ops/crypto_sys.h" +#include "feature/dirauth/dirauth_sys.h" + +struct dirauth_options_t * +get_dirauth_options(struct or_options_t *opt) +{ + int idx = subsystems_get_options_idx(&sys_dirauth); + tor_assert(idx >= 0); + return config_mgr_get_obj_mutable(get_options_mgr(), opt, idx); +} + +struct crypto_options_t * +get_crypto_options(struct or_options_t *opt) +{ + int idx = subsystems_get_options_idx(&sys_crypto); + tor_assert(idx >= 0); + return config_mgr_get_obj_mutable(get_options_mgr(), opt, idx); +} diff --git a/src/test/opts_test_helpers.h b/src/test/opts_test_helpers.h new file mode 100644 index 0000000000..f925194e63 --- /dev/null +++ b/src/test/opts_test_helpers.h @@ -0,0 +1,22 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file opts_testing_helpers.h + * @brief Header for test/opts_test_helpers.c + **/ + +#ifndef TOR_TEST_OPTS_TESTING_HELPERS_H +#define TOR_TEST_OPTS_TESTING_HELPERS_H + +struct crypto_options_t; +struct dirauth_options_t; +struct or_options_t; + +struct crypto_options_t *get_crypto_options(struct or_options_t *opt); +struct dirauth_options_t *get_dirauth_options(struct or_options_t *opt); + +#endif /* !defined(TOR_TEST_OPTS_TESTING_HELPERS_H) */ diff --git a/src/test/test_options.c b/src/test/test_options.c index fe21cc96fd..1649a25861 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -31,6 +31,7 @@ #include "lib/encoding/confline.h" #include "core/or/policies.h" #include "test/test_helpers.h" +#include "test/opts_test_helpers.h" #include "lib/net/resolve.h" #ifdef HAVE_SYS_PARAM_H @@ -754,14 +755,6 @@ test_options_validate__logs(void *ignored) /* return config_line; */ /* } */ -static dirauth_options_t * -get_dirauth_options(or_options_t *opt) -{ - int idx = subsystems_get_options_idx(&sys_dirauth); - tor_assert(idx >= 0); - return config_mgr_get_obj_mutable(get_options_mgr(), opt, idx); -} - static void test_options_validate__authdir(void *ignored) { @@ -4005,14 +3998,6 @@ test_options_validate__testing_options(void *ignored) tor_free(msg); } -static crypto_options_t * -get_crypto_options(or_options_t *opt) -{ - int idx = subsystems_get_options_idx(&sys_crypto); - tor_assert(idx >= 0); - return config_mgr_get_obj_mutable(get_options_mgr(), opt, idx); -} - static void test_options_validate__accel(void *ignored) { From eedab30a7bd5663984264bb5f9ef43cf57450143 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:07:01 -0500 Subject: [PATCH 04/19] Move AuthDirHasIPv6Connectivity into dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 1 - src/feature/dirauth/dirauth_options.inc | 3 +++ src/feature/dirauth/reachability.c | 4 +++- src/feature/dirauth/voteflags.c | 5 +++-- src/test/test_voting_flags.c | 4 +++- 6 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index f3d889edb6..2d1d09e185 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -336,7 +336,6 @@ static const config_var_t option_vars_[] = { OBSOLETE("AuthDirListBadDirs"), V(AuthDirListBadExits, BOOL, "0"), OBSOLETE("AuthDirMaxServersPerAuthAddr"), - V(AuthDirHasIPv6Connectivity, BOOL, "0"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), V(AutomapHostsOnResolve, BOOL, "0"), V(AutomapHostsSuffixes, CSV, ".onion,.exit"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 9d58633aab..b8da3cdd09 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -459,7 +459,6 @@ struct or_options_t { int AuthDirListBadExits; /**< True iff we should list bad exits, * and vote for all other exits as good. */ - int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */ int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ char *AccountingStart; /**< How long is the accounting interval, and when diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index 1870f46511..ea1c59e83c 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -20,6 +20,9 @@ CONF_VAR(AuthDirFastGuarantee, MEMUNIT, 0, "100 KB") * to satisfy the bandwidth requirement for the Guard flag. */ CONF_VAR(AuthDirGuardBWGuarantee, MEMUNIT, 0, "2 MB") +/** Boolean: are we on IPv6? */ +CONF_VAR(AuthDirHasIPv6Connectivity, BOOL, 0, "0") + /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") diff --git a/src/feature/dirauth/reachability.c b/src/feature/dirauth/reachability.c index 883b692cbb..2f883d5034 100644 --- a/src/feature/dirauth/reachability.c +++ b/src/feature/dirauth/reachability.c @@ -17,6 +17,7 @@ #include "core/or/channeltls.h" #include "core/or/command.h" #include "feature/dirauth/authmode.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/nodelist/describe.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerinfo.h" @@ -24,6 +25,7 @@ #include "feature/nodelist/torcert.h" #include "feature/stats/rephist.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/node_st.h" #include "feature/nodelist/routerinfo_st.h" #include "feature/nodelist/routerlist_st.h" @@ -154,7 +156,7 @@ dirserv_single_reachability_test(time_t now, routerinfo_t *router) if (chan) command_setup_channel(chan); /* Possible IPv6. */ - if (get_options()->AuthDirHasIPv6Connectivity == 1 && + if (dirauth_get_options()->AuthDirHasIPv6Connectivity == 1 && !tor_addr_is_null(&router->ipv6_addr)) { char addrstr[TOR_ADDR_BUF_LEN]; log_debug(LD_OR, "Testing reachability of %s at %s:%u.", diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index 7129418a0a..8b9b8bc5c1 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -485,6 +485,7 @@ dirserv_set_router_is_running(routerinfo_t *router, time_t now) */ int answer; const or_options_t *options = get_options(); + const dirauth_options_t *dirauth_options = dirauth_get_options(); node_t *node = node_get_mutable_by_id(router->cache_info.identity_digest); tor_assert(node); @@ -511,7 +512,7 @@ dirserv_set_router_is_running(routerinfo_t *router, time_t now) IPv6 OR port since that'd kill all dual stack relays until a majority of the dir auths have IPv6 connectivity. */ answer = (now < node->last_reachable + REACHABLE_TIMEOUT && - (options->AuthDirHasIPv6Connectivity != 1 || + (dirauth_options->AuthDirHasIPv6Connectivity != 1 || tor_addr_is_null(&router->ipv6_addr) || now < node->last_reachable6 + REACHABLE_TIMEOUT)); } @@ -542,7 +543,7 @@ static int should_publish_node_ipv6(const node_t *node, const routerinfo_t *ri, time_t now) { - const or_options_t *options = get_options(); + const dirauth_options_t *options = dirauth_get_options(); return options->AuthDirHasIPv6Connectivity == 1 && !tor_addr_is_null(&ri->ipv6_addr) && diff --git a/src/test/test_voting_flags.c b/src/test/test_voting_flags.c index c8111ea5df..510531fbcd 100644 --- a/src/test/test_voting_flags.c +++ b/src/test/test_voting_flags.c @@ -8,6 +8,7 @@ #include "core/or/or.h" #include "feature/dirauth/voteflags.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/node_st.h" #include "feature/nodelist/routerstatus_st.h" #include "feature/nodelist/routerinfo_st.h" @@ -15,6 +16,7 @@ #include "app/config/config.h" #include "test/test.h" +#include "test/opts_test_helpers.h" typedef struct { time_t now; @@ -119,7 +121,7 @@ test_voting_flags_ipv6(void *arg) if (!check_result(cfg)) goto done; - get_options_mutable()->AuthDirHasIPv6Connectivity = 1; + get_dirauth_options(get_options_mutable())->AuthDirHasIPv6Connectivity = 1; // no change in expected results, since last_reachable6 won't be set. if (!check_result(cfg)) goto done; From 9386b0b28ad7c276eaaf4546a1764c605850dba3 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:24:57 -0500 Subject: [PATCH 05/19] Move AuthDirListBadExits to dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 2 -- src/feature/dirauth/dirauth_options.inc | 4 ++++ src/feature/dirauth/dirvote.c | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 2d1d09e185..815cd76e80 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -334,7 +334,6 @@ static const config_var_t option_vars_[] = { V(AuthDirRejectCCs, CSV, ""), OBSOLETE("AuthDirRejectUnlisted"), OBSOLETE("AuthDirListBadDirs"), - V(AuthDirListBadExits, BOOL, "0"), OBSOLETE("AuthDirMaxServersPerAuthAddr"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), V(AutomapHostsOnResolve, BOOL, "0"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index b8da3cdd09..45175e7c2e 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -457,8 +457,6 @@ struct or_options_t { struct smartlist_t *AuthDirRejectCCs; /**@}*/ - int AuthDirListBadExits; /**< True iff we should list bad exits, - * and vote for all other exits as good. */ int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ char *AccountingStart; /**< How long is the accounting interval, and when diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index ea1c59e83c..af3a22c8fa 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -23,6 +23,10 @@ CONF_VAR(AuthDirGuardBWGuarantee, MEMUNIT, 0, "2 MB") /** Boolean: are we on IPv6? */ CONF_VAR(AuthDirHasIPv6Connectivity, BOOL, 0, "0") +/** True iff we should list bad exits, * and vote for all other exits as + * good. */ +CONF_VAR(AuthDirListBadExits, BOOL, 0, "0") + /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index acb6617178..7caa6bf30d 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -4427,7 +4427,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, smartlist_t *routers, *routerstatuses; char identity_digest[DIGEST_LEN]; char signing_key_digest[DIGEST_LEN]; - int listbadexits = options->AuthDirListBadExits; + const int listbadexits = d_options->AuthDirListBadExits; routerlist_t *rl = router_get_routerlist(); time_t now = time(NULL); time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH; From 99874ecc1de43756bc5ba7f92ef8073e5d5b3c72 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:27:35 -0500 Subject: [PATCH 06/19] Move AuthDirPinKeys to dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 2 -- src/feature/dirauth/dirauth_options.inc | 3 +++ src/feature/dirauth/process_descs.c | 6 ++++-- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 815cd76e80..02ab2f2f88 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -329,7 +329,6 @@ static const config_var_t option_vars_[] = { V(AuthDirBadExitCCs, CSV, ""), V(AuthDirInvalid, LINELIST, NULL), V(AuthDirInvalidCCs, CSV, ""), - V(AuthDirPinKeys, BOOL, "1"), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectCCs, CSV, ""), OBSOLETE("AuthDirRejectUnlisted"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 45175e7c2e..b55c364c26 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -457,8 +457,6 @@ struct or_options_t { struct smartlist_t *AuthDirRejectCCs; /**@}*/ - int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ - char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index af3a22c8fa..dddb538981 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -30,6 +30,9 @@ CONF_VAR(AuthDirListBadExits, BOOL, 0, "0") /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") +/** Boolean: Do we enforce key-pinning? */ +CONF_VAR(AuthDirPinKeys, BOOL, 0, "1") + /** Which versions of tor should we tell users to run? */ CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c index 8dae4e9335..207aae3791 100644 --- a/src/feature/dirauth/process_descs.c +++ b/src/feature/dirauth/process_descs.c @@ -18,6 +18,7 @@ #include "app/config/config.h" #include "core/or/policies.h" #include "core/or/versions.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/dirauth/keypin.h" #include "feature/dirauth/reachability.h" #include "feature/dirclient/dlstatus.h" @@ -32,6 +33,7 @@ #include "feature/relay/router.h" #include "core/or/tor_version_st.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/extrainfo_st.h" #include "feature/nodelist/node_st.h" #include "feature/nodelist/routerinfo_st.h" @@ -232,7 +234,7 @@ dirserv_router_get_status(const routerinfo_t *router, const char **msg, int severity) { char d[DIGEST_LEN]; - const int key_pinning = get_options()->AuthDirPinKeys; + const int key_pinning = dirauth_get_options()->AuthDirPinKeys; if (crypto_pk_get_digest(router->identity_pkey, d)) { log_warn(LD_BUG,"Error computing fingerprint"); @@ -666,7 +668,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) char *desc, *nickname; const size_t desclen = ri->cache_info.signed_descriptor_len + ri->cache_info.annotations_len; - const int key_pinning = get_options()->AuthDirPinKeys; + const int key_pinning = dirauth_get_options()->AuthDirPinKeys; *msg = NULL; /* If it's too big, refuse it now. Otherwise we'll cache it all over the From f4f70e1f13bc66558926b3255a8783e3bdca5f66 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:34:27 -0500 Subject: [PATCH 07/19] Move AuthDirSharedRandomness to dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 6 ------ src/feature/dirauth/dirauth_options.inc | 6 ++++++ src/feature/dirauth/shared_random.c | 6 ++++-- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 02ab2f2f88..5ce5174da7 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -679,7 +679,6 @@ static const config_var_t option_vars_[] = { OBSOLETE("UseNTorHandshake"), V_IMMUTABLE(User, STRING, NULL), OBSOLETE("UserspaceIOCPBuffers"), - V(AuthDirSharedRandomness, BOOL, "1"), V(AuthDirTestEd25519LinkKeys, BOOL, "1"), OBSOLETE("V1AuthoritativeDirectory"), OBSOLETE("V2AuthoritativeDirectory"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index b55c364c26..dc36c40562 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -979,12 +979,6 @@ struct or_options_t { */ uint64_t MaxUnparseableDescSizeToLog; - /** Bool (default: 1): Switch for the shared random protocol. Only - * relevant to a directory authority. If off, the authority won't - * participate in the protocol. If on (default), a flag is added to the - * vote indicating participation. */ - int AuthDirSharedRandomness; - /** If 1, we skip all OOS checks. */ int DisableOOSCheck; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index dddb538981..ec4d997f9f 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -33,6 +33,12 @@ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") /** Boolean: Do we enforce key-pinning? */ CONF_VAR(AuthDirPinKeys, BOOL, 0, "1") +/** Bool (default: 1): Switch for the shared random protocol. Only + * relevant to a directory authority. If off, the authority won't + * participate in the protocol. If on (default), a flag is added to the + * vote indicating participation. */ +CONF_VAR(AuthDirSharedRandomness, BOOL, 0, "1") + /** Which versions of tor should we tell users to run? */ CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) diff --git a/src/feature/dirauth/shared_random.c b/src/feature/dirauth/shared_random.c index ebc595e517..f91a3a3e25 100644 --- a/src/feature/dirauth/shared_random.c +++ b/src/feature/dirauth/shared_random.c @@ -103,7 +103,9 @@ #include "feature/dirauth/dirvote.h" #include "feature/dirauth/authmode.h" +#include "feature/dirauth/dirauth_sys.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/authority_cert_st.h" #include "feature/nodelist/networkstatus_st.h" @@ -1130,7 +1132,7 @@ sr_get_string_for_vote(void) char *vote_str = NULL; digestmap_t *state_commits; smartlist_t *chunks = smartlist_new(); - const or_options_t *options = get_options(); + const dirauth_options_t *options = dirauth_get_options(); /* Are we participating in the protocol? */ if (!options->AuthDirSharedRandomness) { @@ -1195,7 +1197,7 @@ sr_get_string_for_consensus(const smartlist_t *votes, int32_t num_srv_agreements) { char *srv_str; - const or_options_t *options = get_options(); + const dirauth_options_t *options = dirauth_get_options(); tor_assert(votes); From b1d029b9a13ffd3cc69bbbebf8d7d2b381751a59 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:38:25 -0500 Subject: [PATCH 08/19] Move AuthDirTestEd25519LinkKeys to the dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 5 ----- src/feature/dirauth/dirauth_options.inc | 5 +++++ src/feature/dirauth/reachability.c | 6 +++--- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 5ce5174da7..06a0110e4a 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -679,7 +679,6 @@ static const config_var_t option_vars_[] = { OBSOLETE("UseNTorHandshake"), V_IMMUTABLE(User, STRING, NULL), OBSOLETE("UserspaceIOCPBuffers"), - V(AuthDirTestEd25519LinkKeys, BOOL, "1"), OBSOLETE("V1AuthoritativeDirectory"), OBSOLETE("V2AuthoritativeDirectory"), VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index dc36c40562..46c709622d 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -986,11 +986,6 @@ struct or_options_t { * If -1, we should do whatever the consensus parameter says. */ int ExtendByEd25519ID; - /** Bool (default: 1): When testing routerinfos as a directory authority, - * do we enforce Ed25519 identity match? */ - /* NOTE: remove this option someday. */ - int AuthDirTestEd25519LinkKeys; - /** Bool (default: 0): Tells if a %include was used on torrc */ int IncludeUsed; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index ec4d997f9f..ca70a51b9e 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -39,6 +39,11 @@ CONF_VAR(AuthDirPinKeys, BOOL, 0, "1") * vote indicating participation. */ CONF_VAR(AuthDirSharedRandomness, BOOL, 0, "1") +/** Bool (default: 1): When testing routerinfos as a directory authority, + * do we enforce Ed25519 identity match? */ +/* NOTE: remove this option someday. */ +CONF_VAR(AuthDirTestEd25519LinkKeys, BOOL, 0, "1") + /** Which versions of tor should we tell users to run? */ CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) diff --git a/src/feature/dirauth/reachability.c b/src/feature/dirauth/reachability.c index 2f883d5034..27aa661f81 100644 --- a/src/feature/dirauth/reachability.c +++ b/src/feature/dirauth/reachability.c @@ -55,7 +55,7 @@ dirserv_orconn_tls_done(const tor_addr_t *addr, ri = node->ri; - if (get_options()->AuthDirTestEd25519LinkKeys && + if (dirauth_get_options()->AuthDirTestEd25519LinkKeys && node_supports_ed25519_link_authentication(node, 1) && ri->cache_info.signing_key_cert) { /* We allow the node to have an ed25519 key if we haven't been told one in @@ -127,7 +127,7 @@ dirserv_should_launch_reachability_test(const routerinfo_t *ri, void dirserv_single_reachability_test(time_t now, routerinfo_t *router) { - const or_options_t *options = get_options(); + const dirauth_options_t *dirauth_options = dirauth_get_options(); channel_t *chan = NULL; const node_t *node = NULL; tor_addr_t router_addr; @@ -138,7 +138,7 @@ dirserv_single_reachability_test(time_t now, routerinfo_t *router) node = node_get_by_id(router->cache_info.identity_digest); tor_assert(node); - if (options->AuthDirTestEd25519LinkKeys && + if (dirauth_options->AuthDirTestEd25519LinkKeys && node_supports_ed25519_link_authentication(node, 1) && router->cache_info.signing_key_cert) { ed_id_key = &router->cache_info.signing_key_cert->signing_key; From 77dea66e19404a4c07f0e738efb7710f542037ed Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:43:25 -0500 Subject: [PATCH 09/19] Move MinUptimeHidServDirectoryV2 to dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 3 --- src/feature/dirauth/dirauth_config.c | 12 ++++++------ src/feature/dirauth/dirauth_options.inc | 4 ++++ src/feature/dirauth/voteflags.c | 6 +++--- src/test/test_options.c | 5 +++-- 6 files changed, 16 insertions(+), 15 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 06a0110e4a..4b47894cc1 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -712,7 +712,6 @@ static const config_var_t option_vars_[] = { OwningControllerProcess, NULL), VAR_NODUMP_IMMUTABLE("__OwningControllerFD", UINT64, OwningControllerFD, UINT64_MAX_STRING), - V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"), V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"), V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"), V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 46c709622d..09edc21a79 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -257,9 +257,6 @@ struct or_options_t { int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */ int FetchHidServDescriptors; /**< and hidden service descriptors? */ - int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden - * service directories after what time? */ - int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */ int AllDirActionsPrivate; /**< Should every directory action be sent * through a Tor circuit? */ diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index ccece9721d..e3f06e9e8a 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -108,12 +108,6 @@ options_validate_dirauth_mode(const or_options_t *old_options, if (options->ClientOnly) REJECT("Running as authoritative directory, but ClientOnly also set."); - if (options->MinUptimeHidServDirectoryV2 < 0) { - log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at " - "least 0 seconds. Changing to 0."); - options->MinUptimeHidServDirectoryV2 = 0; - } - return 0; } @@ -415,6 +409,12 @@ dirauth_options_pre_normalize(void *arg, char **msg_out) "AuthDirGuardBWGuarantee", msg_out) < 0) return -1; + if (options->MinUptimeHidServDirectoryV2 < 0) { + log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at " + "least 0 seconds. Changing to 0."); + options->MinUptimeHidServDirectoryV2 = 0; + } + return 0; } diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index ca70a51b9e..f0aadb006f 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -44,6 +44,10 @@ CONF_VAR(AuthDirSharedRandomness, BOOL, 0, "1") /* NOTE: remove this option someday. */ CONF_VAR(AuthDirTestEd25519LinkKeys, BOOL, 0, "1") +/** As directory authority, accept hidden service directories after what + * time? */ +CONF_VAR(MinUptimeHidServDirectoryV2, INTERVAL, 0, "96 hours") + /** Which versions of tor should we tell users to run? */ CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index 8b9b8bc5c1..d0bc30d4c9 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -177,14 +177,14 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router, long uptime; /* If we haven't been running for at least - * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't + * MinUptimeHidServDirectoryV2 seconds, we can't * have accurate data telling us a relay has been up for at least * that long. We also want to allow a bit of slack: Reachability * tests aren't instant. If we haven't been running long enough, * trust the relay. */ if (get_uptime() > - get_options()->MinUptimeHidServDirectoryV2 * 1.1) + dirauth_get_options()->MinUptimeHidServDirectoryV2 * 1.1) uptime = MIN(rep_hist_get_uptime(router->cache_info.identity_digest, now), real_uptime(router, now)); else @@ -193,7 +193,7 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router, return (router->wants_to_be_hs_dir && router->supports_tunnelled_dir_requests && node->is_stable && node->is_fast && - uptime >= get_options()->MinUptimeHidServDirectoryV2 && + uptime >= dirauth_get_options()->MinUptimeHidServDirectoryV2 && router_is_active(router, node, now)); } diff --git a/src/test/test_options.c b/src/test/test_options.c index 1649a25861..3465207166 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -994,13 +994,14 @@ test_options_validate__authdir(void *ignored) free_options_test_data(tdata); tdata = get_options_test_data(ENABLE_AUTHORITY_V3); /* We have to set this value manually, because it won't parse */ - tdata->opt->MinUptimeHidServDirectoryV2 = -1; + get_dirauth_options(tdata->opt)->MinUptimeHidServDirectoryV2 = -1; mock_clean_saved_logs(); ret = options_validate(NULL, tdata->opt, &msg); tt_int_op(ret, OP_EQ, 0); expect_log_msg("MinUptimeHidServDirectoryV2 " "option must be at least 0 seconds. Changing to 0.\n"); - tt_int_op(tdata->opt->MinUptimeHidServDirectoryV2, OP_EQ, 0); + tt_int_op(get_dirauth_options(tdata->opt)->MinUptimeHidServDirectoryV2, + OP_EQ, 0); tor_free(msg); done: From 0c7fd8312341b349f93e97c915234b18d0d014ca Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:46:14 -0500 Subject: [PATCH 10/19] Move ConsensusParams to dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 4 ---- src/feature/dirauth/dirauth_options.inc | 4 ++++ src/feature/dirauth/dirvote.c | 4 ++-- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 4b47894cc1..65a0733e0d 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -371,7 +371,6 @@ static const config_var_t option_vars_[] = { V(ClientTransportPlugin, LINELIST, NULL), V(ClientUseIPv6, BOOL, "0"), V(ClientUseIPv4, BOOL, "1"), - V(ConsensusParams, STRING, NULL), V(ConnLimit, POSINT, "1000"), V(ConnDirectionStatistics, BOOL, "0"), V(ConstrainedSockets, BOOL, "0"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 09edc21a79..eaa32f9bf4 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -670,10 +670,6 @@ struct or_options_t { /** Location of guardfraction file */ char *GuardfractionFile; - /** Authority only: key=value pairs that we add to our networkstatus - * consensus vote on the 'params' line. */ - char *ConsensusParams; - /** Authority only: minimum number of measured bandwidths we must see * before we only believe measured bandwidths to assign flags. */ int MinMeasuredBWsForAuthToIgnoreAdvertised; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index f0aadb006f..f3d8e35b35 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -44,6 +44,10 @@ CONF_VAR(AuthDirSharedRandomness, BOOL, 0, "1") /* NOTE: remove this option someday. */ CONF_VAR(AuthDirTestEd25519LinkKeys, BOOL, 0, "1") +/** Authority only: key=value pairs that we add to our networkstatus + * consensus vote on the 'params' line. */ +CONF_VAR(ConsensusParams, STRING, 0, NULL) + /** As directory authority, accept hidden service directories after what * time? */ CONF_VAR(MinUptimeHidServDirectoryV2, INTERVAL, 0, "96 hours") diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index 7caa6bf30d..1fd438b7db 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -4664,10 +4664,10 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, smartlist_add_strdup(v3_out->known_flags, "BadExit"); smartlist_sort_strings(v3_out->known_flags); - if (options->ConsensusParams) { + if (d_options->ConsensusParams) { v3_out->net_params = smartlist_new(); smartlist_split_string(v3_out->net_params, - options->ConsensusParams, NULL, 0, 0); + d_options->ConsensusParams, NULL, 0, 0); smartlist_sort_strings(v3_out->net_params); } v3_out->bw_file_headers = bw_file_headers; From be9bc5981f21a73508e32207fd197b513a6f01be Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:51:11 -0500 Subject: [PATCH 11/19] Move MinMeasuredBWsForAuthToIgnoreAdvertised to dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 4 ---- src/feature/dirauth/bwauth.c | 4 +++- src/feature/dirauth/dirauth_options.inc | 4 ++++ src/feature/dirauth/voteflags.c | 5 +++-- 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 65a0733e0d..262013de4c 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -555,7 +555,6 @@ static const config_var_t option_vars_[] = { OBSOLETE("MaxOnionsPending"), V(MaxOnionQueueDelay, MSEC_INTERVAL, "1750 msec"), V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"), - V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"), VAR("MyFamily", LINELIST, MyFamily_lines, NULL), V(NewCircuitPeriod, INTERVAL, "30 seconds"), OBSOLETE("NamingAuthoritativeDirectory"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index eaa32f9bf4..2796aaba78 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -670,10 +670,6 @@ struct or_options_t { /** Location of guardfraction file */ char *GuardfractionFile; - /** Authority only: minimum number of measured bandwidths we must see - * before we only believe measured bandwidths to assign flags. */ - int MinMeasuredBWsForAuthToIgnoreAdvertised; - /** The length of time that we think an initial consensus should be fresh. * Only altered on testing networks. */ int TestingV3AuthInitialVotingInterval; diff --git a/src/feature/dirauth/bwauth.c b/src/feature/dirauth/bwauth.c index b1cde79628..866ea9683d 100644 --- a/src/feature/dirauth/bwauth.c +++ b/src/feature/dirauth/bwauth.c @@ -13,10 +13,12 @@ #include "feature/dirauth/bwauth.h" #include "app/config/config.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/routerlist.h" #include "feature/dirparse/ns_parse.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/routerinfo_st.h" #include "feature/nodelist/vote_routerstatus_st.h" @@ -182,7 +184,7 @@ dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri) /* Check if we have a measured bandwidth, and check the threshold if not */ if (!(dirserv_query_measured_bw_cache_kb(ri->cache_info.identity_digest, &mbw_kb, NULL))) { - threshold = get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised; + threshold = dirauth_get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised; if (routers_with_measured_bw > threshold) { /* Return zero for unmeasured bandwidth if we are above threshold */ bw_kb = 0; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index f3d8e35b35..d5ae09cf27 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -48,6 +48,10 @@ CONF_VAR(AuthDirTestEd25519LinkKeys, BOOL, 0, "1") * consensus vote on the 'params' line. */ CONF_VAR(ConsensusParams, STRING, 0, NULL) +/** Authority only: minimum number of measured bandwidths we must see + * before we only believe measured bandwidths to assign flags. */ +CONF_VAR(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, 0, "500") + /** As directory authority, accept hidden service directories after what * time? */ CONF_VAR(MinUptimeHidServDirectoryV2, INTERVAL, 0, "96 hours") diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index d0bc30d4c9..97cb2eb726 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -244,11 +244,12 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) const smartlist_t *nodelist; time_t now = time(NULL); const or_options_t *options = get_options(); + const dirauth_options_t *dirauth_options = dirauth_get_options(); /* Require mbw? */ int require_mbw = (dirserv_get_last_n_measured_bws() > - options->MinMeasuredBWsForAuthToIgnoreAdvertised) ? 1 : 0; + dirauth_options->MinMeasuredBWsForAuthToIgnoreAdvertised) ? 1 : 0; /* initialize these all here, in case there are no routers */ stable_uptime = 0; @@ -432,7 +433,7 @@ dirserv_get_flag_thresholds_line(void) { char *result=NULL; const int measured_threshold = - get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised; + dirauth_get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised; const int enough_measured_bw = dirserv_get_last_n_measured_bws() > measured_threshold; From cde5abfdc6381e618f9649dd00f74d91d65848d7 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 10:00:25 -0500 Subject: [PATCH 12/19] Move TestingDirAuthTimeToLearnReachability into dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 5 ---- src/feature/dirauth/dirauth_config.c | 12 +++++----- src/feature/dirauth/dirauth_options.inc | 5 ++++ src/feature/dirauth/voteflags.c | 5 ++-- src/test/test_options.c | 31 ++++++++++++++----------- 6 files changed, 31 insertions(+), 28 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 262013de4c..3e1549b705 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -392,7 +392,6 @@ static const config_var_t option_vars_[] = { V(DisableOOSCheck, BOOL, "1"), V(DisableNetwork, BOOL, "0"), V(DirAllowPrivateAddresses, BOOL, "0"), - V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"), OBSOLETE("DirListenAddress"), V(DirPolicy, LINELIST, NULL), VPORT(DirPort), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 2796aaba78..a38eae40f6 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -686,11 +686,6 @@ struct or_options_t { voting. Only altered on testing networks. */ int TestingV3AuthVotingStartOffset; - /** If an authority has been around for less than this amount of time, it - * does not believe its reachability information is accurate. Only - * altered on testing networks. */ - int TestingAuthDirTimeToLearnReachability; - /** Clients don't download any descriptor this recent, since it will * probably not have propagated to enough caches. Only altered on testing * networks. */ diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index e3f06e9e8a..4a3f569966 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -213,12 +213,6 @@ options_validate_dirauth_testing(const or_options_t *old_options, if (!authdir_mode(options)) return 0; - if (options->TestingAuthDirTimeToLearnReachability < 0) { - REJECT("TestingAuthDirTimeToLearnReachability must be non-negative."); - } else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) { - COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high."); - } - if (!authdir_mode_v3(options)) return 0; @@ -443,6 +437,12 @@ dirauth_options_validate(const void *arg, char **msg) t = format_recommended_version_list(options->RecommendedServerVersions, 1); tor_free(t); + if (options->TestingAuthDirTimeToLearnReachability < 0) { + REJECT("TestingAuthDirTimeToLearnReachability must be non-negative."); + } else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) { + COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high."); + } + return 0; } diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index d5ae09cf27..e1550a6e90 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -65,6 +65,11 @@ CONF_VAR(RecommendedClientVersions, LINELIST, 0, NULL) /** Which versions of tor should we tell users to run on relays? */ CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL) +/** If an authority has been around for less than this amount of time, it + * does not believe its reachability information is accurate. Only + * altered on testing networks. */ +CONF_VAR(TestingAuthDirTimeToLearnReachability, INTERVAL, 0, "30 minutes") + /** Boolean: is this an authoritative directory that's willing to recommend * versions? */ CONF_VAR(VersioningAuthoritativeDirectory, BOOL, 0, "0") diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index 97cb2eb726..757bc35941 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -460,8 +460,9 @@ dirserv_get_flag_thresholds_line(void) int running_long_enough_to_decide_unreachable(void) { - return time_of_process_start - + get_options()->TestingAuthDirTimeToLearnReachability < approx_time(); + const dirauth_options_t *opts = dirauth_get_options(); + return time_of_process_start + + opts->TestingAuthDirTimeToLearnReachability < approx_time(); } /** Each server needs to have passed a reachability test no more diff --git a/src/test/test_options.c b/src/test/test_options.c index 3465207166..10e79c48d8 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -3851,14 +3851,15 @@ test_options_validate__testing_options(void *ignored) options_test_data_t *tdata = NULL; setup_capture_of_logs(LOG_WARN); -#define TEST_TESTING_OPTION(name, low_val, high_val, err_low, EXTRA_OPT_STR) \ +#define TEST_TESTING_OPTION(name, accessor, \ + low_val, high_val, err_low, EXTRA_OPT_STR) \ STMT_BEGIN \ free_options_test_data(tdata); \ tdata = get_options_test_data(EXTRA_OPT_STR \ VALID_DIR_AUTH \ "TestingTorNetwork 1\n" \ ); \ - tdata->opt-> name = low_val; \ + accessor(tdata->opt)->name = low_val; \ ret = options_validate(NULL, tdata->opt, &msg); \ tt_int_op(ret, OP_EQ, -1); \ tt_str_op(msg, OP_EQ, #name " " err_low); \ @@ -3869,7 +3870,7 @@ test_options_validate__testing_options(void *ignored) VALID_DIR_AUTH \ "TestingTorNetwork 1\n" \ ); \ - tdata->opt-> name = high_val; \ + accessor(tdata->opt)->name = high_val; \ mock_clean_saved_logs(); \ ret = options_validate(NULL, tdata->opt, &msg); \ tt_int_op(ret, OP_EQ, 0); \ @@ -3878,30 +3879,32 @@ test_options_validate__testing_options(void *ignored) tor_free(msg); \ STMT_END - TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, -1, 8000, + TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, + get_dirauth_options, -1, 8000, "must be non-negative.", ENABLE_AUTHORITY_V3); - TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, -1, 8000, + TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, + get_dirauth_options, -1, 8000, "must be non-negative.", ENABLE_AUTHORITY_BRIDGE); - TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, -1, 3601, + TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, , -1, 3601, "must be non-negative.", ""); - TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, -1, 3601, + TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601, "is way too low.", ""); - TEST_TESTING_OPTION(TestingDirConnectionMaxStall, 1, 3601, + TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601, "is way too low.", ""); - TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, -1, 3601, + TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, , -1, 3601, "must be non-negative.", ENABLE_AUTHORITY_V3); - TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, -1, 3601, + TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601, "is way too low.", ENABLE_AUTHORITY_V3); - TEST_TESTING_OPTION(TestingDirConnectionMaxStall, 1, 3601, + TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601, "is way too low.", ENABLE_AUTHORITY_V3); - TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, -1, 3601, + TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, , -1, 3601, "must be non-negative.", ENABLE_AUTHORITY_BRIDGE); - TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, -1, 3601, + TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601, "is way too low.", ENABLE_AUTHORITY_BRIDGE); - TEST_TESTING_OPTION(TestingDirConnectionMaxStall, 1, 3601, + TEST_TESTING_OPTION(TestingDirConnectionMaxStall, , 1, 3601, "is way too low.", ENABLE_AUTHORITY_BRIDGE); free_options_test_data(tdata); From 373950340488123fb18c49f8a126a3ef9affb1e6 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 10:14:09 -0500 Subject: [PATCH 13/19] Move TestingMin{Exit,Fast}FlagThreshold to dirauth module. --- src/app/config/config.c | 2 -- src/app/config/or_options_st.h | 6 ------ src/feature/dirauth/dirauth_options.inc | 6 ++++++ src/feature/dirauth/voteflags.c | 7 ++++--- 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 3e1549b705..81e5e6a8ed 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -596,8 +596,6 @@ static const config_var_t option_vars_[] = { V(PerConnBWRate, MEMUNIT, "0"), V_IMMUTABLE(PidFile, FILENAME, NULL), V_IMMUTABLE(TestingTorNetwork, BOOL, "0"), - V(TestingMinExitFlagThreshold, MEMUNIT, "0"), - V(TestingMinFastFlagThreshold, MEMUNIT, "0"), V(TestingLinkCertLifetime, INTERVAL, "2 days"), V(TestingAuthKeyLifetime, INTERVAL, "2 days"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index a38eae40f6..f9aa0e5cd0 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -764,12 +764,6 @@ struct or_options_t { * of certain configuration options. */ int TestingTorNetwork; - /** Minimum value for the Exit flag threshold on testing networks. */ - uint64_t TestingMinExitFlagThreshold; - - /** Minimum value for the Fast flag threshold on testing networks. */ - uint64_t TestingMinFastFlagThreshold; - /** Relays in a testing network which should be voted Exit * regardless of exit policy. */ routerset_t *TestingDirAuthVoteExit; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index e1550a6e90..82954a9920 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -70,6 +70,12 @@ CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL) * altered on testing networks. */ CONF_VAR(TestingAuthDirTimeToLearnReachability, INTERVAL, 0, "30 minutes") +/** Minimum value for the Exit flag threshold on testing networks. */ +CONF_VAR(TestingMinExitFlagThreshold, MEMUNIT, 0, "0") + +/** Minimum value for the Fast flag threshold on testing networks. */ +CONF_VAR(TestingMinFastFlagThreshold, MEMUNIT, 0, "0") + /** Boolean: is this an authoritative directory that's willing to recommend * versions? */ CONF_VAR(VersioningAuthoritativeDirectory, BOOL, 0, "0") diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index 757bc35941..975b3e2cff 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -147,7 +147,7 @@ router_is_active(const routerinfo_t *ri, const node_t *node, time_t now) * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */ if (!ri->bandwidthcapacity) { if (get_options()->TestingTorNetwork) { - if (get_options()->TestingMinExitFlagThreshold > 0) { + if (dirauth_get_options()->TestingMinExitFlagThreshold > 0) { /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is, * then require bandwidthcapacity */ return 0; @@ -216,9 +216,10 @@ router_counts_toward_thresholds(const node_t *node, time_t now, dirserv_has_measured_bw(node->identity); uint64_t min_bw_kb = ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB; const or_options_t *options = get_options(); + const dirauth_options_t *dirauth_options = dirauth_get_options(); if (options->TestingTorNetwork) { - min_bw_kb = (int64_t)options->TestingMinExitFlagThreshold / 1000; + min_bw_kb = (int64_t)dirauth_options->TestingMinExitFlagThreshold / 1000; } return node->ri && router_is_active(node->ri, node, now) && @@ -341,7 +342,7 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG, INT32_MAX); if (options->TestingTorNetwork) { - min_fast = (int32_t)options->TestingMinFastFlagThreshold; + min_fast = (int32_t)dirauth_options->TestingMinFastFlagThreshold; } max_fast = networkstatus_get_param(NULL, "FastFlagMaxThreshold", INT32_MAX, min_fast, INT32_MAX); From 87f7c2d01817913b3fcf36a3025c55feef13612c Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 10:42:10 -0500 Subject: [PATCH 14/19] Correct the type for config_decl_ROUTERSET This needs to be a point so that the CONF_VAR() macro can work correctly. --- src/feature/nodelist/routerset.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/feature/nodelist/routerset.h b/src/feature/nodelist/routerset.h index 6bd97f9422..936a2d0ff0 100644 --- a/src/feature/nodelist/routerset.h +++ b/src/feature/nodelist/routerset.h @@ -46,7 +46,7 @@ int routerset_len(const routerset_t *set); struct var_type_def_t; extern const struct var_type_def_t ROUTERSET_type_defn; -typedef routerset_t config_decl_ROUTERSET; +typedef routerset_t *config_decl_ROUTERSET; #ifdef ROUTERSET_PRIVATE #include "lib/container/bitarray.h" From 3210598c30c46ea0f192a20d96e2f10f481c2366 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 10:42:44 -0500 Subject: [PATCH 15/19] Move TestingDirVote{Exit,Guard,HSdir}{,IsStrict} to dirauth module --- src/app/config/config.c | 6 -- src/app/config/or_options_st.h | 15 ---- src/feature/dirauth/dirauth_options.inc | 15 ++++ src/feature/dirauth/dirauth_options_st.h | 2 + src/feature/dirauth/dirauth_sys.c | 3 +- src/feature/dirauth/dirauth_sys.h | 4 + src/feature/dirauth/voteflags.c | 4 +- src/test/test_dir.c | 102 ++++++++++++----------- src/test/test_options.c | 2 +- 9 files changed, 79 insertions(+), 74 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 81e5e6a8ed..1bfb41f48f 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -752,12 +752,6 @@ static const config_var_t option_vars_[] = { OBSOLETE("TestingDescriptorMaxDownloadTries"), OBSOLETE("TestingMicrodescMaxDownloadTries"), OBSOLETE("TestingCertMaxDownloadTries"), - V_D(TestingDirAuthVoteExit, ROUTERSET, NULL), - V(TestingDirAuthVoteExitIsStrict, BOOL, "0"), - V_D(TestingDirAuthVoteGuard, ROUTERSET, NULL), - V(TestingDirAuthVoteGuardIsStrict, BOOL, "0"), - V_D(TestingDirAuthVoteHSDir, ROUTERSET, NULL), - V(TestingDirAuthVoteHSDirIsStrict, BOOL, "0"), VAR_INVIS("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index f9aa0e5cd0..0e6e825854 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -764,21 +764,6 @@ struct or_options_t { * of certain configuration options. */ int TestingTorNetwork; - /** Relays in a testing network which should be voted Exit - * regardless of exit policy. */ - routerset_t *TestingDirAuthVoteExit; - int TestingDirAuthVoteExitIsStrict; - - /** Relays in a testing network which should be voted Guard - * regardless of uptime and bandwidth. */ - routerset_t *TestingDirAuthVoteGuard; - int TestingDirAuthVoteGuardIsStrict; - - /** Relays in a testing network which should be voted HSDir - * regardless of uptime and DirPort. */ - routerset_t *TestingDirAuthVoteHSDir; - int TestingDirAuthVoteHSDirIsStrict; - /** Enable CONN_BW events. Only altered on testing networks. */ int TestingEnableConnBwEvent; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index 82954a9920..575151733f 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -70,6 +70,21 @@ CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL) * altered on testing networks. */ CONF_VAR(TestingAuthDirTimeToLearnReachability, INTERVAL, 0, "30 minutes") + /** Relays in a testing network which should be voted Exit + * regardless of exit policy. */ +CONF_VAR(TestingDirAuthVoteExit, ROUTERSET, 0, NULL) +CONF_VAR(TestingDirAuthVoteExitIsStrict, BOOL, 0, "0") + +/** Relays in a testing network which should be voted Guard + * regardless of uptime and bandwidth. */ +CONF_VAR(TestingDirAuthVoteGuard, ROUTERSET, 0, NULL) +CONF_VAR(TestingDirAuthVoteGuardIsStrict, BOOL, 0, "0") + +/** Relays in a testing network which should be voted HSDir + * regardless of uptime and DirPort. */ +CONF_VAR(TestingDirAuthVoteHSDir, ROUTERSET, 0, NULL) +CONF_VAR(TestingDirAuthVoteHSDirIsStrict, BOOL, 0, "0") + /** Minimum value for the Exit flag threshold on testing networks. */ CONF_VAR(TestingMinExitFlagThreshold, MEMUNIT, 0, "0") diff --git a/src/feature/dirauth/dirauth_options_st.h b/src/feature/dirauth/dirauth_options_st.h index 93b9cb45bc..d48ecbe3aa 100644 --- a/src/feature/dirauth/dirauth_options_st.h +++ b/src/feature/dirauth/dirauth_options_st.h @@ -13,6 +13,8 @@ #define TOR_FEATURE_DIRAUTH_DIRAUTH_OPTIONS_ST_H #include "lib/conf/confdecl.h" +#include "feature/nodelist/routerset.h" + #define CONF_CONTEXT STRUCT #include "feature/dirauth/dirauth_options.inc" #undef CONF_CONTEXT diff --git a/src/feature/dirauth/dirauth_sys.c b/src/feature/dirauth/dirauth_sys.c index 6ec25681e7..b24e8b5774 100644 --- a/src/feature/dirauth/dirauth_sys.c +++ b/src/feature/dirauth/dirauth_sys.c @@ -11,6 +11,7 @@ #include "core/or/or.h" +#define DIRAUTH_SYS_PRIVATE #include "feature/dirauth/bwauth.h" #include "feature/dirauth/dirauth_sys.h" #include "feature/dirauth/dirvote.h" @@ -49,7 +50,7 @@ dirauth_get_options(void) return global_dirauth_options; } -static int +STATIC int dirauth_set_options(void *arg) { dirauth_options_t *opts = arg; diff --git a/src/feature/dirauth/dirauth_sys.h b/src/feature/dirauth/dirauth_sys.h index 6f116855df..243605dc63 100644 --- a/src/feature/dirauth/dirauth_sys.h +++ b/src/feature/dirauth/dirauth_sys.h @@ -25,4 +25,8 @@ extern const struct subsys_fns_t sys_dirauth; **/ #define DIRAUTH_SUBSYS_LEVEL 70 +#ifdef DIRAUTH_SYS_PRIVATE +STATIC int dirauth_set_options(void *arg); +#endif + #endif /* !defined(DIRAUTH_SYS_H) */ diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index 975b3e2cff..e0a037718a 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -620,9 +620,9 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, STATIC void dirserv_set_routerstatus_testing(routerstatus_t *rs) { - const or_options_t *options = get_options(); + const dirauth_options_t *options = dirauth_get_options(); - tor_assert(options->TestingTorNetwork); + tor_assert(get_options()->TestingTorNetwork); if (routerset_contains_routerstatus(options->TestingDirAuthVoteExit, rs, 0)) { diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 02465b07f0..d929cfb274 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -9,6 +9,7 @@ #define BWAUTH_PRIVATE #define CONFIG_PRIVATE #define CONTROL_GETINFO_PRIVATE +#define DIRAUTH_SYS_PRIVATE #define DIRCACHE_PRIVATE #define DIRCLIENT_PRIVATE #define DIRSERV_PRIVATE @@ -34,6 +35,7 @@ #include "feature/client/entrynodes.h" #include "feature/control/control_getinfo.h" #include "feature/dirauth/bwauth.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/dirauth/dirvote.h" #include "feature/dirauth/dsigs_parse.h" #include "feature/dirauth/process_descs.h" @@ -71,10 +73,12 @@ #include "lib/memarea/memarea.h" #include "lib/osinfo/uname.h" #include "test/log_test_helpers.h" +#include "test/opts_test_helpers.h" #include "test/test.h" #include "test/test_dir_common.h" #include "core/or/addr_policy_st.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/authority_cert_st.h" #include "feature/nodelist/document_signature_st.h" #include "feature/nodelist/extrainfo_st.h" @@ -4690,10 +4694,13 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) (void)arg; /* Init options */ + dirauth_options_t *dirauth_options = + tor_malloc_zero(sizeof(dirauth_options_t)); + mock_options = tor_malloc(sizeof(or_options_t)); reset_options(mock_options, &mock_get_options_calls); - MOCK(get_options, mock_get_options); + dirauth_set_options(dirauth_options); /* Init routersets */ routerset_t *routerset_all = routerset_new(); @@ -4733,16 +4740,15 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) /* Check that "*" sets flags on all routers: Exit * Check the flags aren't being confused with each other */ reset_options(mock_options, &mock_get_options_calls); + memset(dirauth_options, 0, sizeof(*dirauth_options)); reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4); reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4); - mock_options->TestingDirAuthVoteExit = routerset_all; - mock_options->TestingDirAuthVoteExitIsStrict = 0; + dirauth_options->TestingDirAuthVoteExit = routerset_all; + dirauth_options->TestingDirAuthVoteExitIsStrict = 0; dirserv_set_routerstatus_testing(rs_a); - tt_int_op(mock_get_options_calls, OP_EQ, 1); dirserv_set_routerstatus_testing(rs_b); - tt_int_op(mock_get_options_calls, OP_EQ, 2); tt_uint_op(rs_a->is_exit, OP_EQ, 1); tt_uint_op(rs_b->is_exit, OP_EQ, 1); @@ -4755,18 +4761,17 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) /* Check that "*" sets flags on all routers: Guard & HSDir * Cover the remaining flags in one test */ reset_options(mock_options, &mock_get_options_calls); + memset(dirauth_options, 0, sizeof(*dirauth_options)); reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4); reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4); - mock_options->TestingDirAuthVoteGuard = routerset_all; - mock_options->TestingDirAuthVoteGuardIsStrict = 0; - mock_options->TestingDirAuthVoteHSDir = routerset_all; - mock_options->TestingDirAuthVoteHSDirIsStrict = 0; + dirauth_options->TestingDirAuthVoteGuard = routerset_all; + dirauth_options->TestingDirAuthVoteGuardIsStrict = 0; + dirauth_options->TestingDirAuthVoteHSDir = routerset_all; + dirauth_options->TestingDirAuthVoteHSDirIsStrict = 0; dirserv_set_routerstatus_testing(rs_a); - tt_int_op(mock_get_options_calls, OP_EQ, 1); dirserv_set_routerstatus_testing(rs_b); - tt_int_op(mock_get_options_calls, OP_EQ, 2); tt_uint_op(rs_a->is_possible_guard, OP_EQ, 1); tt_uint_op(rs_b->is_possible_guard, OP_EQ, 1); @@ -4779,20 +4784,19 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) /* Check routerset A sets all flags on router A, * but leaves router B unmodified */ reset_options(mock_options, &mock_get_options_calls); + memset(dirauth_options, 0, sizeof(*dirauth_options)); reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4); reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4); - mock_options->TestingDirAuthVoteExit = routerset_a; - mock_options->TestingDirAuthVoteExitIsStrict = 0; - mock_options->TestingDirAuthVoteGuard = routerset_a; - mock_options->TestingDirAuthVoteGuardIsStrict = 0; - mock_options->TestingDirAuthVoteHSDir = routerset_a; - mock_options->TestingDirAuthVoteHSDirIsStrict = 0; + dirauth_options->TestingDirAuthVoteExit = routerset_a; + dirauth_options->TestingDirAuthVoteExitIsStrict = 0; + dirauth_options->TestingDirAuthVoteGuard = routerset_a; + dirauth_options->TestingDirAuthVoteGuardIsStrict = 0; + dirauth_options->TestingDirAuthVoteHSDir = routerset_a; + dirauth_options->TestingDirAuthVoteHSDirIsStrict = 0; dirserv_set_routerstatus_testing(rs_a); - tt_int_op(mock_get_options_calls, OP_EQ, 1); dirserv_set_routerstatus_testing(rs_b); - tt_int_op(mock_get_options_calls, OP_EQ, 2); tt_uint_op(rs_a->is_exit, OP_EQ, 1); tt_uint_op(rs_b->is_exit, OP_EQ, 0); @@ -4803,21 +4807,21 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) /* Check routerset A unsets all flags on router B when Strict is set */ reset_options(mock_options, &mock_get_options_calls); + memset(dirauth_options, 0, sizeof(*dirauth_options)); reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4); - mock_options->TestingDirAuthVoteExit = routerset_a; - mock_options->TestingDirAuthVoteExitIsStrict = 1; - mock_options->TestingDirAuthVoteGuard = routerset_a; - mock_options->TestingDirAuthVoteGuardIsStrict = 1; - mock_options->TestingDirAuthVoteHSDir = routerset_a; - mock_options->TestingDirAuthVoteHSDirIsStrict = 1; + dirauth_options->TestingDirAuthVoteExit = routerset_a; + dirauth_options->TestingDirAuthVoteExitIsStrict = 1; + dirauth_options->TestingDirAuthVoteGuard = routerset_a; + dirauth_options->TestingDirAuthVoteGuardIsStrict = 1; + dirauth_options->TestingDirAuthVoteHSDir = routerset_a; + dirauth_options->TestingDirAuthVoteHSDirIsStrict = 1; rs_b->is_exit = 1; rs_b->is_possible_guard = 1; rs_b->is_hs_dir = 1; dirserv_set_routerstatus_testing(rs_b); - tt_int_op(mock_get_options_calls, OP_EQ, 1); tt_uint_op(rs_b->is_exit, OP_EQ, 0); tt_uint_op(rs_b->is_possible_guard, OP_EQ, 0); @@ -4825,21 +4829,21 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) /* Check routerset A doesn't modify flags on router B without Strict set */ reset_options(mock_options, &mock_get_options_calls); + memset(dirauth_options, 0, sizeof(*dirauth_options)); reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4); - mock_options->TestingDirAuthVoteExit = routerset_a; - mock_options->TestingDirAuthVoteExitIsStrict = 0; - mock_options->TestingDirAuthVoteGuard = routerset_a; - mock_options->TestingDirAuthVoteGuardIsStrict = 0; - mock_options->TestingDirAuthVoteHSDir = routerset_a; - mock_options->TestingDirAuthVoteHSDirIsStrict = 0; + dirauth_options->TestingDirAuthVoteExit = routerset_a; + dirauth_options->TestingDirAuthVoteExitIsStrict = 0; + dirauth_options->TestingDirAuthVoteGuard = routerset_a; + dirauth_options->TestingDirAuthVoteGuardIsStrict = 0; + dirauth_options->TestingDirAuthVoteHSDir = routerset_a; + dirauth_options->TestingDirAuthVoteHSDirIsStrict = 0; rs_b->is_exit = 1; rs_b->is_possible_guard = 1; rs_b->is_hs_dir = 1; dirserv_set_routerstatus_testing(rs_b); - tt_int_op(mock_get_options_calls, OP_EQ, 1); tt_uint_op(rs_b->is_exit, OP_EQ, 1); tt_uint_op(rs_b->is_possible_guard, OP_EQ, 1); @@ -4848,21 +4852,21 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) /* Check the empty routerset zeroes all flags * on routers A & B with Strict set */ reset_options(mock_options, &mock_get_options_calls); + memset(dirauth_options, 0, sizeof(*dirauth_options)); reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4); - mock_options->TestingDirAuthVoteExit = routerset_none; - mock_options->TestingDirAuthVoteExitIsStrict = 1; - mock_options->TestingDirAuthVoteGuard = routerset_none; - mock_options->TestingDirAuthVoteGuardIsStrict = 1; - mock_options->TestingDirAuthVoteHSDir = routerset_none; - mock_options->TestingDirAuthVoteHSDirIsStrict = 1; + dirauth_options->TestingDirAuthVoteExit = routerset_none; + dirauth_options->TestingDirAuthVoteExitIsStrict = 1; + dirauth_options->TestingDirAuthVoteGuard = routerset_none; + dirauth_options->TestingDirAuthVoteGuardIsStrict = 1; + dirauth_options->TestingDirAuthVoteHSDir = routerset_none; + dirauth_options->TestingDirAuthVoteHSDirIsStrict = 1; rs_b->is_exit = 1; rs_b->is_possible_guard = 1; rs_b->is_hs_dir = 1; dirserv_set_routerstatus_testing(rs_b); - tt_int_op(mock_get_options_calls, OP_EQ, 1); tt_uint_op(rs_b->is_exit, OP_EQ, 0); tt_uint_op(rs_b->is_possible_guard, OP_EQ, 0); @@ -4871,24 +4875,23 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) /* Check the empty routerset doesn't modify any flags * on A or B without Strict set */ reset_options(mock_options, &mock_get_options_calls); + memset(dirauth_options, 0, sizeof(*dirauth_options)); reset_routerstatus(rs_a, ROUTER_A_ID_STR, ROUTER_A_IPV4); reset_routerstatus(rs_b, ROUTER_B_ID_STR, ROUTER_B_IPV4); - mock_options->TestingDirAuthVoteExit = routerset_none; - mock_options->TestingDirAuthVoteExitIsStrict = 0; - mock_options->TestingDirAuthVoteGuard = routerset_none; - mock_options->TestingDirAuthVoteGuardIsStrict = 0; - mock_options->TestingDirAuthVoteHSDir = routerset_none; - mock_options->TestingDirAuthVoteHSDirIsStrict = 0; + dirauth_options->TestingDirAuthVoteExit = routerset_none; + dirauth_options->TestingDirAuthVoteExitIsStrict = 0; + dirauth_options->TestingDirAuthVoteGuard = routerset_none; + dirauth_options->TestingDirAuthVoteGuardIsStrict = 0; + dirauth_options->TestingDirAuthVoteHSDir = routerset_none; + dirauth_options->TestingDirAuthVoteHSDirIsStrict = 0; rs_b->is_exit = 1; rs_b->is_possible_guard = 1; rs_b->is_hs_dir = 1; dirserv_set_routerstatus_testing(rs_a); - tt_int_op(mock_get_options_calls, OP_EQ, 1); dirserv_set_routerstatus_testing(rs_b); - tt_int_op(mock_get_options_calls, OP_EQ, 2); tt_uint_op(rs_a->is_exit, OP_EQ, 0); tt_uint_op(rs_a->is_possible_guard, OP_EQ, 0); @@ -4899,6 +4902,7 @@ test_dir_dirserv_set_routerstatus_testing(void *arg) done: tor_free(mock_options); + tor_free(dirauth_options); mock_options = NULL; UNMOCK(get_options); @@ -7261,7 +7265,7 @@ struct testcase_t dir_tests[] = { DIR_LEGACY(clip_unmeasured_bw_kb), DIR_LEGACY(clip_unmeasured_bw_kb_alt), DIR(fmt_control_ns, 0), - DIR(dirserv_set_routerstatus_testing, 0), + DIR(dirserv_set_routerstatus_testing, TT_FORK), DIR(http_handling, 0), DIR(purpose_needs_anonymity_returns_true_for_bridges, 0), DIR(purpose_needs_anonymity_returns_false_for_own_bridge_desc, 0), diff --git a/src/test/test_options.c b/src/test/test_options.c index 10e79c48d8..bdcdba8028 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -6,6 +6,7 @@ #define CONFIG_PRIVATE #define RELAY_CONFIG_PRIVATE #define LOG_PRIVATE +#define ROUTERSET_PRIVATE #include "core/or/or.h" #include "lib/confmgt/confmgt.h" #include "app/config/config.h" @@ -16,7 +17,6 @@ #include "test/test.h" #include "lib/geoip/geoip.h" -#define ROUTERSET_PRIVATE #include "feature/nodelist/routerset.h" #include "core/mainloop/mainloop.h" #include "app/main/subsysmgr.h" From 3663df69376aafdf87d423804653b9579de64f49 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 10:49:57 -0500 Subject: [PATCH 16/19] changes file for ticket 32806 --- changes/ticket32806 | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changes/ticket32806 diff --git a/changes/ticket32806 b/changes/ticket32806 new file mode 100644 index 0000000000..357e281d36 --- /dev/null +++ b/changes/ticket32806 @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Use our new configuration architecture to move most authority-related + options to the directory authority module. Closes ticket 32806. From 1bdbb4e9eb68506dd17cfe7b93bdc7d5496c2eae Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 12:09:03 -0500 Subject: [PATCH 17/19] Change conf_examples test for ConsensusParams option. --- .../large_1/expected_log_no_dirauth | 1 + .../conf_examples/large_1/expected_no_dirauth | 158 ++++++++++++++++++ 2 files changed, 159 insertions(+) create mode 100644 src/test/conf_examples/large_1/expected_log_no_dirauth create mode 100644 src/test/conf_examples/large_1/expected_no_dirauth diff --git a/src/test/conf_examples/large_1/expected_log_no_dirauth b/src/test/conf_examples/large_1/expected_log_no_dirauth new file mode 100644 index 0000000000..0b74de4e40 --- /dev/null +++ b/src/test/conf_examples/large_1/expected_log_no_dirauth @@ -0,0 +1 @@ +This copy of Tor was built without support for the option "ConsensusParams". Skipping. diff --git a/src/test/conf_examples/large_1/expected_no_dirauth b/src/test/conf_examples/large_1/expected_no_dirauth new file mode 100644 index 0000000000..17c11f85fc --- /dev/null +++ b/src/test/conf_examples/large_1/expected_no_dirauth @@ -0,0 +1,158 @@ +AccountingMax 10737418240 +AccountingRule sum +AccountingStart day 05:15 +Address 128.66.8.8 +AllowNonRFC953Hostnames 1 +AndroidIdentityTag droidy +AutomapHostsOnResolve 1 +AutomapHostsSuffixes .onions +AvoidDiskWrites 1 +BandwidthBurst 2147483647 +BandwidthRate 1610612736 +Bridge 128.66.1.10:80 +CacheDirectory /this-is-a-cache +CellStatistics 1 +CircuitBuildTimeout 200 +CircuitsAvailableTimeout 10 +CircuitStreamTimeout 20 +ClientAutoIPv6ORPort 1 +ClientOnly 1 +ClientPreferIPv6DirPort 1 +ClientPreferIPv6ORPort 1 +ClientRejectInternalAddresses 0 +ClientUseIPv4 0 +ClientUseIPv6 1 +ConnDirectionStatistics 1 +ConnectionPadding 1 +ConnLimit 64 +ConstrainedSockets 1 +ConstrainedSockSize 10240 +ContactInfo long_config@example.com +ControlPortFileGroupReadable 1 +ControlPort 9058 +CookieAuthentication 1 +CookieAuthFile /control/cookie +CookieAuthFileGroupReadable 1 +CountPrivateBandwidth 1 +DataDirectory /data/dir +DirAllowPrivateAddresses 1 +DirPolicy reject 128.66.1.1/32, accept *:* +DirPortFrontPage /dirport/frontpage +DirPort 99 +DirReqStatistics 0 +DisableDebuggerAttachment 0 +DisableNetwork 1 +DisableOOSCheck 0 +DNSPort 53535 +DormantCanceledByStartup 1 +DormantClientTimeout 1260 +DormantOnFirstStartup 1 +DormantTimeoutDisabledByIdleStreams 0 +DoSCircuitCreationBurst 1000 +DoSCircuitCreationDefenseTimePeriod 300 +DoSCircuitCreationDefenseType 2 +DoSCircuitCreationEnabled 1 +DoSCircuitCreationMinConnections 10 +DoSCircuitCreationRate 100 +DoSConnectionDefenseType 2 +DoSConnectionEnabled 1 +DoSConnectionMaxConcurrentCount 6 +DoSRefuseSingleHopClientRendezvous 0 +DownloadExtraInfo 1 +EnforceDistinctSubnets 0 +EntryNodes potrzebie,triffid,cromulent +EntryStatistics 1 +ExcludeExitNodes blaznort,kriffid,zeppelin +ExcludeNodes 128.66.7.6 +ExitNodes 128.66.7.7,128.66.128.0/17,exitexit +ExitPolicy accept *:80,reject *:* +ExitPolicyRejectLocalInterfaces 1 +ExitPolicyRejectPrivate 0 +ExitPortStatistics 1 +ExitRelay 1 +ExtendAllowPrivateAddresses 1 +ExtendByEd25519ID 1 +ExtORPortCookieAuthFile /foobar +ExtORPort 99 +FascistFirewall 1 +FetchDirInfoEarly 1 +FetchDirInfoExtraEarly 1 +FetchUselessDescriptors 1 +FirewallPorts 80,443,999 +GeoIPExcludeUnknown 1 +GeoIPFile /geoip +GuardfractionFile /gff +GuardLifetime 691200 +HeartbeatPeriod 2700 +IPv6Exit 1 +KeepalivePeriod 540 +KeyDirectory /keyz +KISTSchedRunInterval 1 +Log notice file /logfile +Log info file /logfile-verbose +LogTimeGranularity 60000 +LongLivedPorts 9090 +MainloopStats 1 +MapAddress www.example.com:10.0.0.6 +MaxAdvertisedBandwidth 100 +MaxCircuitDirtiness 3600 +MaxClientCircuitsPending 127 +MaxConsensusAgeForDiffs 2629728 +MaxMemInQueues 314572800 +MaxOnionQueueDelay 60000 +MaxUnparseableDescSizeToLog 1048576 +MiddleNodes grommit,truffle,parcheesi +MyFamily $ffffffffffffffffffffffffffffffffffffffff +NewCircuitPeriod 7200 +Nickname nickname +NodeFamily $ffffffffffffffffffffffffffffffffffffffff,$dddddddddddddddddddddddddddddddddddddddd +NumCPUs 3 +NumDirectoryGuards 4 +NumEntryGuards 5 +NumPrimaryGuards 8 +OfflineMasterKey 1 +OptimisticData 1 +ORPort 2222 +OutboundBindAddress 10.0.0.7 +OutboundBindAddressExit 10.0.0.8 +OutboundBindAddressOR 10.0.0.9 +PerConnBWBurst 10485760 +PerConnBWRate 102400 +PidFile /piddy +ProtocolWarnings 1 +PublishHidServDescriptors 0 +PublishServerDescriptor 0 +ReachableAddresses 0.0.0.0, *:* +ReachableDirAddresses 128.0.0.0/1 +ReachableORAddresses 128.0.0.0/8 +RejectPlaintextPorts 23 +RelayBandwidthBurst 10000 +RelayBandwidthRate 1000 +RendPostPeriod 600 +RephistTrackTime 600 +SafeLogging 0 +Schedulers Vanilla,KISTLite,Kist +ShutdownWaitLength 10 +SigningKeyLifetime 4838400 +Socks5Proxy 128.66.99.99:99 +Socks5ProxyPassword flynn +Socks5ProxyUsername spaceparanoids +SocksPolicy accept 127.0.0.0/24, reject *:* +SocksPort 9099 +SocksTimeout 600 +SSLKeyLifetime 86400 +StrictNodes 1 +SyslogIdentityTag tortor +TestSocks 1 +TokenBucketRefillInterval 1000 +TrackHostExits www.example.com +TrackHostExitsExpire 3600 +TruncateLogFile 1 +UnixSocksGroupWritable 1 +UpdateBridgesFromAuthority 1 +UseDefaultFallbackDirs 0 +UseGuardFraction 1 +UseMicrodescriptors 0 +VirtualAddrNetworkIPv4 18.66.0.0/16 +VirtualAddrNetworkIPv6 [ff00::]/16 +WarnPlaintextPorts 7,11,23,1001 From 648e1afc330ca32ad8f0b29c584bf38afefa85ea Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 17 Jan 2020 08:25:09 -0500 Subject: [PATCH 18/19] fix a stray asterisk in a comment --- src/feature/dirauth/dirauth_options.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index 575151733f..5939010fe7 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -23,7 +23,7 @@ CONF_VAR(AuthDirGuardBWGuarantee, MEMUNIT, 0, "2 MB") /** Boolean: are we on IPv6? */ CONF_VAR(AuthDirHasIPv6Connectivity, BOOL, 0, "0") -/** True iff we should list bad exits, * and vote for all other exits as +/** True iff we should list bad exits, and vote for all other exits as * good. */ CONF_VAR(AuthDirListBadExits, BOOL, 0, "0") From 6d2b9c963100dab56f61786b65d8629faaada7ad Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 17 Jan 2020 08:31:18 -0500 Subject: [PATCH 19/19] Remove some dead checks The only code that could set these options to be negative was in the unit tests. --- src/feature/dirauth/dirauth_config.c | 10 +--------- src/test/test_options.c | 20 -------------------- 2 files changed, 1 insertion(+), 29 deletions(-) diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index 4a3f569966..7895e3817f 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -403,12 +403,6 @@ dirauth_options_pre_normalize(void *arg, char **msg_out) "AuthDirGuardBWGuarantee", msg_out) < 0) return -1; - if (options->MinUptimeHidServDirectoryV2 < 0) { - log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at " - "least 0 seconds. Changing to 0."); - options->MinUptimeHidServDirectoryV2 = 0; - } - return 0; } @@ -437,9 +431,7 @@ dirauth_options_validate(const void *arg, char **msg) t = format_recommended_version_list(options->RecommendedServerVersions, 1); tor_free(t); - if (options->TestingAuthDirTimeToLearnReachability < 0) { - REJECT("TestingAuthDirTimeToLearnReachability must be non-negative."); - } else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) { + if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) { COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high."); } diff --git a/src/test/test_options.c b/src/test/test_options.c index bdcdba8028..119b2a54a4 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -991,19 +991,6 @@ test_options_validate__authdir(void *ignored) "but ClientOnly also set."); tor_free(msg); - free_options_test_data(tdata); - tdata = get_options_test_data(ENABLE_AUTHORITY_V3); - /* We have to set this value manually, because it won't parse */ - get_dirauth_options(tdata->opt)->MinUptimeHidServDirectoryV2 = -1; - mock_clean_saved_logs(); - ret = options_validate(NULL, tdata->opt, &msg); - tt_int_op(ret, OP_EQ, 0); - expect_log_msg("MinUptimeHidServDirectoryV2 " - "option must be at least 0 seconds. Changing to 0.\n"); - tt_int_op(get_dirauth_options(tdata->opt)->MinUptimeHidServDirectoryV2, - OP_EQ, 0); - tor_free(msg); - done: teardown_capture_of_logs(); // sandbox_free_getaddrinfo_cache(); @@ -3879,13 +3866,6 @@ test_options_validate__testing_options(void *ignored) tor_free(msg); \ STMT_END - TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, - get_dirauth_options, -1, 8000, - "must be non-negative.", ENABLE_AUTHORITY_V3); - TEST_TESTING_OPTION(TestingAuthDirTimeToLearnReachability, - get_dirauth_options, -1, 8000, - "must be non-negative.", ENABLE_AUTHORITY_BRIDGE); - TEST_TESTING_OPTION(TestingEstimatedDescriptorPropagationTime, , -1, 3601, "must be non-negative.", ""); TEST_TESTING_OPTION(TestingClientMaxIntervalWithoutRequest, , -1, 3601,