authorNick Mathewson <nickm@torproject.org>2012-11-28 11:09:37 -0500
committerRoger Dingledine <arma@torproject.org>2013-03-10 20:31:53 -0400
commite4614d30e58007be1d44613d039891b6f131f50f (patch)
treec3fb910f66e84dd5c576f8de5bf4ad6e72a02e8b /src/or/directory.c
parent301faf281391698e44eb3a8d400b477716a74fd4 (diff)
Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests
I have no idea whether b0rken clients will DoS the network if the v2 authorities all turn this on or not. It's experimental. See #6783 for a description of how to test it more or less safely, and please be careful!
Diffstat (limited to 'src/or/directory.c')
-rw-r--r--src/or/directory.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/or/directory.c b/src/or/directory.c
index 6b61fc6a99..38a423cb8e 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -2805,6 +2805,19 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
const char *key = url + strlen("/tor/status/");
long lifetime = NETWORKSTATUS_CACHE_LIFETIME;
+ if (options->DisableV2DirectoryInfo_ && !is_v3) {
+ static ratelim_t reject_v2_ratelim = RATELIM_INIT(1800);
+ char *m;
+ write_http_status_line(conn, 404, "Not found");
+ smartlist_free(dir_fps);
+ geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND);
+ if ((m = rate_limit_log(&reject_v2_ratelim, approx_time()))) {
+ log_notice(LD_DIR, "Rejected a v2 networkstatus request.%s", m);
+ tor_free(m);
+ }
+ goto done;
+ }
+
if (!is_v3) {
dirserv_get_networkstatus_v2_fingerprints(dir_fps, key);
if (!strcmpstart(key, "fp/"))
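Review bot: The reject branch counts the refusal as `GEOIP_REJECT_NOT_FOUND`, which by its name is presumably the same bucket used for genuine misses, so an operator watching for the retry load the commit message worries about cannot separate policy rejections from ordinary 404s. The only dedicated signal is the notice, which is limited to once per 1800 seconds. A separate rejection counter would make the experiment measurable. Failing that, the branch should carry a comment such as `/* Experimental: refuse every v2 networkstatus request with a 404; clients may retry, see #6783. */`, and the bare `1800` should become a named interval constant. directory_handle_command_get starts and ends outside the hunk, so what the `done:` label still releases after `smartlist_free(dir_fps)` cannot be checked from here.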