New 'DisableNetwork' option to prevent Tor from using the network

Some controllers want this so they can mess with Tor's configuration
for a while via the control port before actually letting Tor out of
the house.

We do this with a new DisableNetwork option, that prevents Tor from
making any outbound connections or binding any non-control
listeners.  Additionally, it shuts down the same functionality as
shuts down when we are hibernating, plus the code that launches
directory downloads.

To make sure I didn't miss anything, I added a clause straight to
connection_connect, so that we won't even try to open an outbound
socket when the network is disabled.  In my testing, I made this an
assert, but since I probably missed something, I've turned it into a
BUG warning for testing.

1 files changed, 10 insertions, 2 deletions

diff --git a/src/or/router.c b/src/or/router.c
index b6b96a5fff..d0292aa66a 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -780,7 +780,7 @@ check_whether_dirport_reachable(void)
   const or_options_t *options = get_options();
   return !options->DirPort ||
          options->AssumeReachable ||
-         we_are_hibernating() ||
+         net_is_disabled() ||
          can_reach_dir_port;
 }
 
@@ -806,7 +806,7 @@ decide_to_advertise_dirport(const or_options_t *options, uint16_t dir_port)
     return 0;
   if (authdir_mode(options)) /* always publish */
     return dir_port;
-  if (we_are_hibernating())
+  if (net_is_disabled())
     return 0;
   if (!check_whether_dirport_reachable())
     return 0;
@@ -974,6 +974,14 @@ router_perform_bandwidth_test(int num_circs, time_t now)
   }
 }
 
+/** Return true iff our network is in some sense disabled: either we're
+ * hibernating, entering hibernation, or */
+int
+net_is_disabled(void)
+{
+  return get_options()->DisableNetwork || we_are_hibernating();
+}
+
 /** Return true iff we believe ourselves to be an authoritative
  * directory server.
  */