diff options
| author | Nick Mathewson <nickm@torproject.org> | 2020-01-17 08:37:33 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-01-17 08:37:33 -0500 |
| commit | 7f03ba06d8447025ef3e53906ebe9bcdd0d4d1b5 (patch) | |
| tree | 0ca7cbfd413cfcc3646f82e539c37a67cc43b4b2 | |
| parent | abd9ae48ac2306dc2784d9af2b34b883d83534f4 (diff) | |
| parent | 6d2b9c963100dab56f61786b65d8629faaada7ad (diff) | |
| download | tor-7f03ba06d8447025ef3e53906ebe9bcdd0d4d1b5.tar.gz tor-7f03ba06d8447025ef3e53906ebe9bcdd0d4d1b5.zip | |
Merge branch 'ticket32806'
24 files changed, 508 insertions, 289 deletions
diff --git a/changes/ticket32806 b/changes/ticket32806 new file mode 100644 index 0000000000..357e281d36 --- /dev/null +++ b/changes/ticket32806 @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Use our new configuration architecture to move most authority-related + options to the directory authority module. Closes ticket 32806. diff --git a/src/app/config/config.c b/src/app/config/config.c index 2863c34b0e..bc65977b20 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -329,16 +329,11 @@ static const config_var_t option_vars_[] = { V(AuthDirBadExitCCs, CSV, ""), V(AuthDirInvalid, LINELIST, NULL), V(AuthDirInvalidCCs, CSV, ""), - V(AuthDirFastGuarantee, MEMUNIT, "100 KB"), - V(AuthDirGuardBWGuarantee, MEMUNIT, "2 MB"), - V(AuthDirPinKeys, BOOL, "1"), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectCCs, CSV, ""), OBSOLETE("AuthDirRejectUnlisted"), OBSOLETE("AuthDirListBadDirs"), - V(AuthDirListBadExits, BOOL, "0"), OBSOLETE("AuthDirMaxServersPerAuthAddr"), - V(AuthDirHasIPv6Connectivity, BOOL, "0"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), V(AutomapHostsOnResolve, BOOL, "0"), V(AutomapHostsSuffixes, CSV, ".onion,.exit"), @@ -376,7 +371,6 @@ static const config_var_t option_vars_[] = { V(ClientTransportPlugin, LINELIST, NULL), V(ClientUseIPv6, BOOL, "0"), V(ClientUseIPv4, BOOL, "1"), - V(ConsensusParams, STRING, NULL), V(ConnLimit, POSINT, "1000"), V(ConnDirectionStatistics, BOOL, "0"), V(ConstrainedSockets, BOOL, "0"), @@ -398,7 +392,6 @@ static const config_var_t option_vars_[] = { V(DisableOOSCheck, BOOL, "1"), V(DisableNetwork, BOOL, "0"), V(DirAllowPrivateAddresses, BOOL, "0"), - V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"), OBSOLETE("DirListenAddress"), V(DirPolicy, LINELIST, NULL), VPORT(DirPort), @@ -562,7 +555,6 @@ static const config_var_t option_vars_[] = { OBSOLETE("MaxOnionsPending"), V(MaxOnionQueueDelay, MSEC_INTERVAL, "1750 msec"), V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"), - V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"), VAR("MyFamily", LINELIST, MyFamily_lines, NULL), V(NewCircuitPeriod, INTERVAL, "30 seconds"), OBSOLETE("NamingAuthoritativeDirectory"), @@ -605,8 +597,6 @@ static const config_var_t option_vars_[] = { V(PerConnBWRate, MEMUNIT, "0"), V_IMMUTABLE(PidFile, FILENAME, NULL), V_IMMUTABLE(TestingTorNetwork, BOOL, "0"), - V(TestingMinExitFlagThreshold, MEMUNIT, "0"), - V(TestingMinFastFlagThreshold, MEMUNIT, "0"), V(TestingLinkCertLifetime, INTERVAL, "2 days"), V(TestingAuthKeyLifetime, INTERVAL, "2 days"), @@ -624,9 +614,6 @@ static const config_var_t option_vars_[] = { V(ReachableAddresses, LINELIST, NULL), V(ReachableDirAddresses, LINELIST, NULL), V(ReachableORAddresses, LINELIST, NULL), - V(RecommendedVersions, LINELIST, NULL), - V(RecommendedClientVersions, LINELIST, NULL), - V(RecommendedServerVersions, LINELIST, NULL), OBSOLETE("RecommendedPackages"), V(ReducedConnectionPadding, BOOL, "0"), V(ConnectionPadding, AUTOBOOL, "auto"), @@ -688,8 +675,6 @@ static const config_var_t option_vars_[] = { OBSOLETE("UseNTorHandshake"), V_IMMUTABLE(User, STRING, NULL), OBSOLETE("UserspaceIOCPBuffers"), - V(AuthDirSharedRandomness, BOOL, "1"), - V(AuthDirTestEd25519LinkKeys, BOOL, "1"), OBSOLETE("V1AuthoritativeDirectory"), OBSOLETE("V2AuthoritativeDirectory"), VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"), @@ -704,7 +689,6 @@ static const config_var_t option_vars_[] = { V(V3AuthUseLegacyKey, BOOL, "0"), V(V3BandwidthsFile, FILENAME, NULL), V(GuardfractionFile, FILENAME, NULL), - VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"), OBSOLETE("VoteOnHidServDirectoriesV2"), V(VirtualAddrNetworkIPv4, STRING, "127.192.0.0/10"), V(VirtualAddrNetworkIPv6, STRING, "[FE80::]/10"), @@ -724,7 +708,6 @@ static const config_var_t option_vars_[] = { OwningControllerProcess, NULL), VAR_NODUMP_IMMUTABLE("__OwningControllerFD", UINT64, OwningControllerFD, UINT64_MAX_STRING), - V(MinUptimeHidServDirectoryV2, INTERVAL, "96 hours"), V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"), V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"), V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"), @@ -770,12 +753,6 @@ static const config_var_t option_vars_[] = { OBSOLETE("TestingDescriptorMaxDownloadTries"), OBSOLETE("TestingMicrodescMaxDownloadTries"), OBSOLETE("TestingCertMaxDownloadTries"), - V_D(TestingDirAuthVoteExit, ROUTERSET, NULL), - V(TestingDirAuthVoteExitIsStrict, BOOL, "0"), - V_D(TestingDirAuthVoteGuard, ROUTERSET, NULL), - V(TestingDirAuthVoteGuardIsStrict, BOOL, "0"), - V_D(TestingDirAuthVoteHSDir, ROUTERSET, NULL), - V(TestingDirAuthVoteHSDirIsStrict, BOOL, "0"), VAR_INVIS("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"), @@ -3889,8 +3866,6 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) if (options_validate_relay_bandwidth(old_options, options, msg) < 0) return -1; - if (options_validate_dirauth_bandwidth(old_options, options, msg) < 0) - return -1; if (options->BandwidthRate > options->BandwidthBurst) REJECT("BandwidthBurst must be at least equal to BandwidthRate."); diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 2733bf775c..35ba15a9e2 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -122,11 +122,6 @@ struct or_options_t { * [][0] is IPv4, [][1] is IPv6 */ tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; - /** Directory server only: which versions of - * Tor should we tell users to run? */ - struct config_line_t *RecommendedVersions; - struct config_line_t *RecommendedClientVersions; - struct config_line_t *RecommendedServerVersions; /** Whether dirservers allow router descriptors with private IPs. */ int DirAllowPrivateAddresses; /** Whether routers accept EXTEND cells to routers with private IPs. */ @@ -201,9 +196,6 @@ struct or_options_t { int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */ int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory * for version 3 directories? */ - int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative - * directory that's willing to recommend - * versions? */ int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory * that aggregates bridge descriptors? */ @@ -274,9 +266,6 @@ struct or_options_t { int FetchServerDescriptors; /**< Do we fetch server descriptors as normal? */ int FetchHidServDescriptors; /**< and hidden service descriptors? */ - int MinUptimeHidServDirectoryV2; /**< As directory authority, accept hidden - * service directories after what time? */ - int FetchUselessDescriptors; /**< Do we fetch non-running descriptors too? */ int AllDirActionsPrivate; /**< Should every directory action be sent * through a Tor circuit? */ @@ -479,19 +468,6 @@ struct or_options_t { struct smartlist_t *AuthDirRejectCCs; /**@}*/ - int AuthDirListBadExits; /**< True iff we should list bad exits, - * and vote for all other exits as good. */ - int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */ - int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ - - /** If non-zero, always vote the Fast flag for any relay advertising - * this amount of capacity or more. */ - uint64_t AuthDirFastGuarantee; - - /** If non-zero, this advertised capacity or more is always sufficient - * to satisfy the bandwidth requirement for the Guard flag. */ - uint64_t AuthDirGuardBWGuarantee; - char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting @@ -708,14 +684,6 @@ struct or_options_t { /** Location of guardfraction file */ char *GuardfractionFile; - /** Authority only: key=value pairs that we add to our networkstatus - * consensus vote on the 'params' line. */ - char *ConsensusParams; - - /** Authority only: minimum number of measured bandwidths we must see - * before we only believe measured bandwidths to assign flags. */ - int MinMeasuredBWsForAuthToIgnoreAdvertised; - /** The length of time that we think an initial consensus should be fresh. * Only altered on testing networks. */ int TestingV3AuthInitialVotingInterval; @@ -732,11 +700,6 @@ struct or_options_t { voting. Only altered on testing networks. */ int TestingV3AuthVotingStartOffset; - /** If an authority has been around for less than this amount of time, it - * does not believe its reachability information is accurate. Only - * altered on testing networks. */ - int TestingAuthDirTimeToLearnReachability; - /** Schedule for when servers should download things in general. Only * altered on testing networks. */ int TestingServerDownloadInitialDelay; @@ -810,27 +773,6 @@ struct or_options_t { * of certain configuration options. */ int TestingTorNetwork; - /** Minimum value for the Exit flag threshold on testing networks. */ - uint64_t TestingMinExitFlagThreshold; - - /** Minimum value for the Fast flag threshold on testing networks. */ - uint64_t TestingMinFastFlagThreshold; - - /** Relays in a testing network which should be voted Exit - * regardless of exit policy. */ - struct routerset_t *TestingDirAuthVoteExit; - int TestingDirAuthVoteExitIsStrict; - - /** Relays in a testing network which should be voted Guard - * regardless of uptime and bandwidth. */ - struct routerset_t *TestingDirAuthVoteGuard; - int TestingDirAuthVoteGuardIsStrict; - - /** Relays in a testing network which should be voted HSDir - * regardless of uptime and DirPort. */ - struct routerset_t *TestingDirAuthVoteHSDir; - int TestingDirAuthVoteHSDirIsStrict; - /** Enable CONN_BW events. Only altered on testing networks. */ int TestingEnableConnBwEvent; @@ -1009,12 +951,6 @@ struct or_options_t { */ uint64_t MaxUnparseableDescSizeToLog; - /** Bool (default: 1): Switch for the shared random protocol. Only - * relevant to a directory authority. If off, the authority won't - * participate in the protocol. If on (default), a flag is added to the - * vote indicating participation. */ - int AuthDirSharedRandomness; - /** If 1, we skip all OOS checks. */ int DisableOOSCheck; @@ -1022,11 +958,6 @@ struct or_options_t { * If -1, we should do whatever the consensus parameter says. */ int ExtendByEd25519ID; - /** Bool (default: 1): When testing routerinfos as a directory authority, - * do we enforce Ed25519 identity match? */ - /* NOTE: remove this option someday. */ - int AuthDirTestEd25519LinkKeys; - /** Bool (default: 0): Tells if a %include was used on torrc */ int IncludeUsed; diff --git a/src/feature/dirauth/bwauth.c b/src/feature/dirauth/bwauth.c index a89cfc463c..ff0c78f018 100644 --- a/src/feature/dirauth/bwauth.c +++ b/src/feature/dirauth/bwauth.c @@ -13,10 +13,12 @@ #include "feature/dirauth/bwauth.h" #include "app/config/config.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/routerlist.h" #include "feature/dirparse/ns_parse.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/routerinfo_st.h" #include "feature/nodelist/vote_routerstatus_st.h" @@ -182,7 +184,7 @@ dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri) /* Check if we have a measured bandwidth, and check the threshold if not */ if (!(dirserv_query_measured_bw_cache_kb(ri->cache_info.identity_digest, &mbw_kb, NULL))) { - threshold = get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised; + threshold = dirauth_get_options()->MinMeasuredBWsForAuthToIgnoreAdvertised; if (routers_with_measured_bw > threshold) { /* Return zero for unmeasured bandwidth if we are above threshold */ bw_kb = 0; diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index 6d2478f002..3aeeab3b31 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -73,24 +73,6 @@ options_validate_dirauth_mode(const or_options_t *old_options, if (!options->ContactInfo && !options->TestingTorNetwork) REJECT("Authoritative directory servers must set ContactInfo"); - if (!options->RecommendedClientVersions) - options->RecommendedClientVersions = - config_lines_dup(options->RecommendedVersions); - if (!options->RecommendedServerVersions) - options->RecommendedServerVersions = - config_lines_dup(options->RecommendedVersions); - if (options->VersioningAuthoritativeDir && - (!options->RecommendedClientVersions || - !options->RecommendedServerVersions)) - REJECT("Versioning authoritative dir servers must set " - "Recommended*Versions."); - - char *t; - /* Call these functions to produce warnings only. */ - t = format_recommended_version_list(options->RecommendedClientVersions, 1); - tor_free(t); - t = format_recommended_version_list(options->RecommendedServerVersions, 1); - tor_free(t); if (options->UseEntryGuards) { log_info(LD_CONFIG, "Authoritative directory servers can't set " @@ -126,45 +108,6 @@ options_validate_dirauth_mode(const or_options_t *old_options, if (options->ClientOnly) REJECT("Running as authoritative directory, but ClientOnly also set."); - if (options->MinUptimeHidServDirectoryV2 < 0) { - log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at " - "least 0 seconds. Changing to 0."); - options->MinUptimeHidServDirectoryV2 = 0; - } - - return 0; -} - -/** - * Legacy validation/normalization function for the dirauth bandwidth options - * in options. Uses old_options as the previous options. - * - * Returns 0 on success, returns -1 and sets *msg to a newly allocated string - * on error. - */ -int -options_validate_dirauth_bandwidth(const or_options_t *old_options, - or_options_t *options, - char **msg) -{ - (void)old_options; - - if (BUG(!options)) - return -1; - - if (BUG(!msg)) - return -1; - - if (!authdir_mode(options)) - return 0; - - if (config_ensure_bandwidth_cap(&options->AuthDirFastGuarantee, - "AuthDirFastGuarantee", msg) < 0) - return -1; - if (config_ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee, - "AuthDirGuardBWGuarantee", msg) < 0) - return -1; - return 0; } @@ -270,12 +213,6 @@ options_validate_dirauth_testing(const or_options_t *old_options, if (!authdir_mode(options)) return 0; - if (options->TestingAuthDirTimeToLearnReachability < 0) { - REJECT("TestingAuthDirTimeToLearnReachability must be non-negative."); - } else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) { - COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high."); - } - if (!authdir_mode_v3(options)) return 0; @@ -441,6 +378,66 @@ options_act_dirauth_stats(const or_options_t *old_options, return 0; } +/** + * Make any necessary modifications to a dirauth_options_t that occur + * before validation. On success return 0; on failure return -1 and + * set *<b>msg_out</b> to a newly allocated error string. + **/ +static int +dirauth_options_pre_normalize(void *arg, char **msg_out) +{ + dirauth_options_t *options = arg; + (void)msg_out; + + if (!options->RecommendedClientVersions) + options->RecommendedClientVersions = + config_lines_dup(options->RecommendedVersions); + if (!options->RecommendedServerVersions) + options->RecommendedServerVersions = + config_lines_dup(options->RecommendedVersions); + + if (config_ensure_bandwidth_cap(&options->AuthDirFastGuarantee, + "AuthDirFastGuarantee", msg_out) < 0) + return -1; + if (config_ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee, + "AuthDirGuardBWGuarantee", msg_out) < 0) + return -1; + + return 0; +} + +/** + * Check whether a dirauth_options_t is correct. + * + * On success return 0; on failure return -1 and set *<b>msg_out</b> to a + * newly allocated error string. + **/ +static int +dirauth_options_validate(const void *arg, char **msg) +{ + const dirauth_options_t *options = arg; + + if (options->VersioningAuthoritativeDirectory && + (!options->RecommendedClientVersions || + !options->RecommendedServerVersions)) { + REJECT("Versioning authoritative dir servers must set " + "Recommended*Versions."); + } + + char *t; + /* Call these functions to produce warnings only. */ + t = format_recommended_version_list(options->RecommendedClientVersions, 1); + tor_free(t); + t = format_recommended_version_list(options->RecommendedServerVersions, 1); + tor_free(t); + + if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) { + COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high."); + } + + return 0; +} + /* Declare the options field table for dirauth_options */ #define CONF_CONTEXT TABLE #include "feature/dirauth/dirauth_options.inc" @@ -458,5 +455,7 @@ const config_format_t dirauth_options_fmt = { DIRAUTH_OPTIONS_MAGIC, offsetof(dirauth_options_t, magic) }, .vars = dirauth_options_t_vars, -}; + .pre_normalize_fn = dirauth_options_pre_normalize, + .validate_fn = dirauth_options_validate +}; diff --git a/src/feature/dirauth/dirauth_config.h b/src/feature/dirauth/dirauth_config.h index a69a56bfcf..2ebafd917e 100644 --- a/src/feature/dirauth/dirauth_config.h +++ b/src/feature/dirauth/dirauth_config.h @@ -22,10 +22,6 @@ int options_validate_dirauth_mode(const struct or_options_t *old_options, struct or_options_t *options, char **msg); -int options_validate_dirauth_bandwidth(const struct or_options_t *old_options, - struct or_options_t *options, - char **msg); - int options_validate_dirauth_schedule(const struct or_options_t *old_options, struct or_options_t *options, char **msg); @@ -67,8 +63,6 @@ options_validate_dirauth_mode(const struct or_options_t *old_options, return 0; } -#define options_validate_dirauth_bandwidth(old_options, options, msg) \ - (((void)(old_options)),((void)(options)),((void)(msg)),0) #define options_validate_dirauth_schedule(old_options, options, msg) \ (((void)(old_options)),((void)(options)),((void)(msg)),0) #define options_validate_dirauth_testing(old_options, options, msg) \ diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index 6b66f1e289..5939010fe7 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -12,7 +12,87 @@ /** Holds configuration about our directory authority options. */ BEGIN_CONF_STRUCT(dirauth_options_t) +/** If non-zero, always vote the Fast flag for any relay advertising + * this amount of capacity or more. */ +CONF_VAR(AuthDirFastGuarantee, MEMUNIT, 0, "100 KB") + +/** If non-zero, this advertised capacity or more is always sufficient + * to satisfy the bandwidth requirement for the Guard flag. */ +CONF_VAR(AuthDirGuardBWGuarantee, MEMUNIT, 0, "2 MB") + +/** Boolean: are we on IPv6? */ +CONF_VAR(AuthDirHasIPv6Connectivity, BOOL, 0, "0") + +/** True iff we should list bad exits, and vote for all other exits as + * good. */ +CONF_VAR(AuthDirListBadExits, BOOL, 0, "0") + /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") +/** Boolean: Do we enforce key-pinning? */ +CONF_VAR(AuthDirPinKeys, BOOL, 0, "1") + +/** Bool (default: 1): Switch for the shared random protocol. Only + * relevant to a directory authority. If off, the authority won't + * participate in the protocol. If on (default), a flag is added to the + * vote indicating participation. */ +CONF_VAR(AuthDirSharedRandomness, BOOL, 0, "1") + +/** Bool (default: 1): When testing routerinfos as a directory authority, + * do we enforce Ed25519 identity match? */ +/* NOTE: remove this option someday. */ +CONF_VAR(AuthDirTestEd25519LinkKeys, BOOL, 0, "1") + +/** Authority only: key=value pairs that we add to our networkstatus + * consensus vote on the 'params' line. */ +CONF_VAR(ConsensusParams, STRING, 0, NULL) + +/** Authority only: minimum number of measured bandwidths we must see + * before we only believe measured bandwidths to assign flags. */ +CONF_VAR(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, 0, "500") + +/** As directory authority, accept hidden service directories after what + * time? */ +CONF_VAR(MinUptimeHidServDirectoryV2, INTERVAL, 0, "96 hours") + +/** Which versions of tor should we tell users to run? */ +CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) + +/** Which versions of tor should we tell users to run on clients? */ +CONF_VAR(RecommendedClientVersions, LINELIST, 0, NULL) + +/** Which versions of tor should we tell users to run on relays? */ +CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL) + +/** If an authority has been around for less than this amount of time, it + * does not believe its reachability information is accurate. Only + * altered on testing networks. */ +CONF_VAR(TestingAuthDirTimeToLearnReachability, INTERVAL, 0, "30 minutes") + + /** Relays in a testing network which should be voted Exit + * regardless of exit policy. */ +CONF_VAR(TestingDirAuthVoteExit, ROUTERSET, 0, NULL) +CONF_VAR(TestingDirAuthVoteExitIsStrict, BOOL, 0, "0") + +/** Relays in a testing network which should be voted Guard + * regardless of uptime and bandwidth. */ +CONF_VAR(TestingDirAuthVoteGuard, ROUTERSET, 0, NULL) +CONF_VAR(TestingDirAuthVoteGuardIsStrict, BOOL, 0, "0") + +/** Relays in a testing network which should be voted HSDir + * regardless of uptime and DirPort. */ +CONF_VAR(TestingDirAuthVoteHSDir, ROUTERSET, 0, NULL) +CONF_VAR(TestingDirAuthVoteHSDirIsStrict, BOOL, 0, "0") + +/** Minimum value for the Exit flag threshold on testing networks. */ +CONF_VAR(TestingMinExitFlagThreshold, MEMUNIT, 0, "0") + +/** Minimum value for the Fast flag threshold on testing networks. */ +CONF_VAR(TestingMinFastFlagThreshold, MEMUNIT, 0, "0") + +/** Boolean: is this an authoritative directory that's willing to recommend + * versions? */ +CONF_VAR(VersioningAuthoritativeDirectory, BOOL, 0, "0") + END_CONF_STRUCT(dirauth_options_t) diff --git a/src/feature/dirauth/dirauth_options_st.h b/src/feature/dirauth/dirauth_options_st.h index 86022ec223..02a498c054 100644 --- a/src/feature/dirauth/dirauth_options_st.h +++ b/src/feature/dirauth/dirauth_options_st.h @@ -13,6 +13,8 @@ #define TOR_FEATURE_DIRAUTH_DIRAUTH_OPTIONS_ST_H #include "lib/conf/confdecl.h" +#include "feature/nodelist/routerset.h" + #define CONF_CONTEXT STRUCT #include "feature/dirauth/dirauth_options.inc" #undef CONF_CONTEXT diff --git a/src/feature/dirauth/dirauth_sys.c b/src/feature/dirauth/dirauth_sys.c index a953634634..56ac501e16 100644 --- a/src/feature/dirauth/dirauth_sys.c +++ b/src/feature/dirauth/dirauth_sys.c @@ -11,6 +11,7 @@ #include "core/or/or.h" +#define DIRAUTH_SYS_PRIVATE #include "feature/dirauth/bwauth.h" #include "feature/dirauth/dirauth_sys.h" #include "feature/dirauth/dirvote.h" @@ -49,7 +50,7 @@ dirauth_get_options(void) return global_dirauth_options; } -static int +STATIC int dirauth_set_options(void *arg) { dirauth_options_t *opts = arg; diff --git a/src/feature/dirauth/dirauth_sys.h b/src/feature/dirauth/dirauth_sys.h index ae99f8141a..c512b91b33 100644 --- a/src/feature/dirauth/dirauth_sys.h +++ b/src/feature/dirauth/dirauth_sys.h @@ -25,4 +25,8 @@ extern const struct subsys_fns_t sys_dirauth; **/ #define DIRAUTH_SUBSYS_LEVEL 70 +#ifdef DIRAUTH_SYS_PRIVATE +STATIC int dirauth_set_options(void *arg); +#endif + #endif /* !defined(DIRAUTH_SYS_H) */ diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index 97fe66c1a2..9490867e82 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -4406,6 +4406,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, authority_cert_t *cert) { const or_options_t *options = get_options(); + const dirauth_options_t *d_options = dirauth_get_options(); networkstatus_t *v3_out = NULL; uint32_t addr; char *hostname = NULL, *client_versions = NULL, *server_versions = NULL; @@ -4413,7 +4414,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, smartlist_t *routers, *routerstatuses; char identity_digest[DIGEST_LEN]; char signing_key_digest[DIGEST_LEN]; - int listbadexits = options->AuthDirListBadExits; + const int listbadexits = d_options->AuthDirListBadExits; routerlist_t *rl = router_get_routerlist(); time_t now = time(NULL); time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH; @@ -4445,11 +4446,11 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, hostname = tor_dup_ip(addr); } - if (options->VersioningAuthoritativeDir) { + if (d_options->VersioningAuthoritativeDirectory) { client_versions = - format_recommended_version_list(options->RecommendedClientVersions, 0); + format_recommended_version_list(d_options->RecommendedClientVersions, 0); server_versions = - format_recommended_version_list(options->RecommendedServerVersions, 0); + format_recommended_version_list(d_options->RecommendedServerVersions, 0); } contact = get_options()->ContactInfo; @@ -4650,10 +4651,10 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, smartlist_add_strdup(v3_out->known_flags, "BadExit"); smartlist_sort_strings(v3_out->known_flags); - if (options->ConsensusParams) { + if (d_options->ConsensusParams) { v3_out->net_params = smartlist_new(); smartlist_split_string(v3_out->net_params, - options->ConsensusParams, NULL, 0, 0); + d_options->ConsensusParams, NULL, 0, 0); smartlist_sort_strings(v3_out->net_params); } v3_out->bw_file_headers = bw_file_headers; diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c index 139c6834a9..baf8f8c217 100644 --- a/src/feature/dirauth/process_descs.c +++ b/src/feature/dirauth/process_descs.c @@ -20,6 +20,7 @@ #include "app/config/config.h" #include "core/or/policies.h" #include "core/or/versions.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/dirauth/keypin.h" #include "feature/dirauth/reachability.h" #include "feature/dirclient/dlstatus.h" @@ -35,6 +36,7 @@ #include "feature/relay/router.h" #include "core/or/tor_version_st.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/extrainfo_st.h" #include "feature/nodelist/node_st.h" #include "feature/nodelist/microdesc_st.h" @@ -289,7 +291,7 @@ dirserv_router_get_status(const routerinfo_t *router, const char **msg, int severity) { char d[DIGEST_LEN]; - const int key_pinning = get_options()->AuthDirPinKeys; + const int key_pinning = dirauth_get_options()->AuthDirPinKeys; uint32_t r; ed25519_public_key_t *signing_key = NULL; @@ -741,7 +743,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) char *desc, *nickname; const size_t desclen = ri->cache_info.signed_descriptor_len + ri->cache_info.annotations_len; - const int key_pinning = get_options()->AuthDirPinKeys; + const int key_pinning = dirauth_get_options()->AuthDirPinKeys; *msg = NULL; /* If it's too big, refuse it now. Otherwise we'll cache it all over the diff --git a/src/feature/dirauth/reachability.c b/src/feature/dirauth/reachability.c index 292c9be759..65fa27ed80 100644 --- a/src/feature/dirauth/reachability.c +++ b/src/feature/dirauth/reachability.c @@ -17,6 +17,7 @@ #include "core/or/channeltls.h" #include "core/or/command.h" |