From e4614d30e58007be1d44613d039891b6f131f50f Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 28 Nov 2012 11:09:37 -0500 Subject: [PATCH 1/3] Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests I have no idea whether b0rken clients will DoS the network if the v2 authorities all turn this on or not. It's experimental. See #6783 for a description of how to test it more or less safely, and please be careful! --- changes/6783_big_hammer | 6 ++++++ src/or/config.c | 1 + src/or/directory.c | 13 +++++++++++++ src/or/or.h | 10 ++++++++++ 4 files changed, 30 insertions(+) create mode 100644 changes/6783_big_hammer diff --git a/changes/6783_big_hammer b/changes/6783_big_hammer new file mode 100644 index 0000000000..2ff3249b33 --- /dev/null +++ b/changes/6783_big_hammer @@ -0,0 +1,6 @@ + o Major features (deprecation): + - There's now a "DisableV2DirectoryInfo_" option that prevents us + from serving any directory requests for v2 directory information. + This is for us to test disabling the old deprecated V2 directory + format, so that we can see whether doing so has any effect on + network load. Part of a fix for bug 6783. diff --git a/src/or/config.c b/src/or/config.c index f88842624c..7e020b8638 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -213,6 +213,7 @@ static config_var_t option_vars_[] = { V(DisableAllSwap, BOOL, "0"), V(DisableDebuggerAttachment, BOOL, "1"), V(DisableIOCP, BOOL, "1"), + V(DisableV2DirectoryInfo_, BOOL, "1"), V(DynamicDHGroups, BOOL, "0"), VPORT(DNSPort, LINELIST, NULL), V(DNSListenAddress, LINELIST, NULL), diff --git a/src/or/directory.c b/src/or/directory.c index 6b61fc6a99..38a423cb8e 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2805,6 +2805,19 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, const char *key = url + strlen("/tor/status/"); long lifetime = NETWORKSTATUS_CACHE_LIFETIME; + if (options->DisableV2DirectoryInfo_ && !is_v3) { + static ratelim_t reject_v2_ratelim = RATELIM_INIT(1800); + char *m; + write_http_status_line(conn, 404, "Not found"); + smartlist_free(dir_fps); + geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND); + if ((m = rate_limit_log(&reject_v2_ratelim, approx_time()))) { + log_notice(LD_DIR, "Rejected a v2 networkstatus request.%s", m); + tor_free(m); + } + goto done; + } + if (!is_v3) { dirserv_get_networkstatus_v2_fingerprints(dir_fps, key); if (!strcmpstart(key, "fp/")) diff --git a/src/or/or.h b/src/or/or.h index 45eb4673ce..0f5dbd6ad5 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3999,6 +3999,16 @@ typedef struct { /** Fraction: */ double PathsNeededToBuildCircuits; + + /** Do we serve v2 directory info at all? This is a temporary option, since + * we'd like to disable v2 directory serving entirely, but we need a way to + * make it temporarily disableable, in order to do fast testing and be + * able to turn it back on if it turns out to be non-workable. + * + * XXXX024 Don't actually leave this in. + */ + int DisableV2DirectoryInfo_; + } or_options_t; /** Persistent state for an onion router, as saved to disk. */ From 926b3d77f18d2345a70f953560f5a5312992aa73 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 6 Mar 2013 15:19:04 -0500 Subject: [PATCH 2/3] Tweak bug6783 patch. --- src/or/config.c | 4 ++++ src/or/or.h | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/or/config.c b/src/or/config.c index 7e020b8638..1337056f5d 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2380,6 +2380,10 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("TokenBucketRefillInterval must be between 1 and 1000 inclusive."); } + if (options->DisableV2DirectoryInfo_ && ! authdir_mode(options)) { + REJECT("DisableV2DirectoryInfo_ set, but we aren't an authority."); + } + if (options->ExcludeExitNodes || options->ExcludeNodes) { options->ExcludeExitNodesUnion_ = routerset_new(); routerset_union(options->ExcludeExitNodesUnion_,options->ExcludeExitNodes); diff --git a/src/or/or.h b/src/or/or.h index 0f5dbd6ad5..c2cd8a6cae 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4005,7 +4005,8 @@ typedef struct { * make it temporarily disableable, in order to do fast testing and be * able to turn it back on if it turns out to be non-workable. * - * XXXX024 Don't actually leave this in. + * XXXX025 Make this always-on, or always-off. Right now, it's only + * enableable for authorities. */ int DisableV2DirectoryInfo_; From f8960ea22bde03ae7c4cd60af395a541fb36354c Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Sun, 10 Mar 2013 20:40:15 -0400 Subject: [PATCH 3/3] set DisableV2DirectoryInfo_ off by default since it's only enableable by authorities, nobody else would be able to start their tor --- src/or/config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/config.c b/src/or/config.c index 1337056f5d..dad571967e 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -213,7 +213,7 @@ static config_var_t option_vars_[] = { V(DisableAllSwap, BOOL, "0"), V(DisableDebuggerAttachment, BOOL, "1"), V(DisableIOCP, BOOL, "1"), - V(DisableV2DirectoryInfo_, BOOL, "1"), + V(DisableV2DirectoryInfo_, BOOL, "0"), V(DynamicDHGroups, BOOL, "0"), VPORT(DNSPort, LINELIST, NULL), V(DNSListenAddress, LINELIST, NULL),