diff options
author | Nick Mathewson <nickm@torproject.org> | 2013-03-10 23:01:58 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-03-10 23:01:58 -0400 |
commit | e270a066a6262784be317f003f6102430db24880 (patch) | |
tree | 7125a6a92bdf9f2caee29e4934b51fa7277d8503 /src | |
parent | 8b4195f0217d24bae6dfac944b469dc05b30bcd6 (diff) | |
parent | f8960ea22bde03ae7c4cd60af395a541fb36354c (diff) | |
download | tor-e270a066a6262784be317f003f6102430db24880.tar.gz tor-e270a066a6262784be317f003f6102430db24880.zip |
Merge remote-tracking branch 'arma/bug6783_big_hammer' into maint-0.2.4
Diffstat (limited to 'src')
-rw-r--r-- | src/or/config.c | 5 | ||||
-rw-r--r-- | src/or/directory.c | 13 | ||||
-rw-r--r-- | src/or/or.h | 11 |
3 files changed, 29 insertions, 0 deletions
diff --git a/src/or/config.c b/src/or/config.c index f88842624c..dad571967e 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -213,6 +213,7 @@ static config_var_t option_vars_[] = { V(DisableAllSwap, BOOL, "0"), V(DisableDebuggerAttachment, BOOL, "1"), V(DisableIOCP, BOOL, "1"), + V(DisableV2DirectoryInfo_, BOOL, "0"), V(DynamicDHGroups, BOOL, "0"), VPORT(DNSPort, LINELIST, NULL), V(DNSListenAddress, LINELIST, NULL), @@ -2379,6 +2380,10 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("TokenBucketRefillInterval must be between 1 and 1000 inclusive."); } + if (options->DisableV2DirectoryInfo_ && ! authdir_mode(options)) { + REJECT("DisableV2DirectoryInfo_ set, but we aren't an authority."); + } + if (options->ExcludeExitNodes || options->ExcludeNodes) { options->ExcludeExitNodesUnion_ = routerset_new(); routerset_union(options->ExcludeExitNodesUnion_,options->ExcludeExitNodes); diff --git a/src/or/directory.c b/src/or/directory.c index 6b61fc6a99..38a423cb8e 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2805,6 +2805,19 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, const char *key = url + strlen("/tor/status/"); long lifetime = NETWORKSTATUS_CACHE_LIFETIME; + if (options->DisableV2DirectoryInfo_ && !is_v3) { + static ratelim_t reject_v2_ratelim = RATELIM_INIT(1800); + char *m; + write_http_status_line(conn, 404, "Not found"); + smartlist_free(dir_fps); + geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND); + if ((m = rate_limit_log(&reject_v2_ratelim, approx_time()))) { + log_notice(LD_DIR, "Rejected a v2 networkstatus request.%s", m); + tor_free(m); + } + goto done; + } + if (!is_v3) { dirserv_get_networkstatus_v2_fingerprints(dir_fps, key); if (!strcmpstart(key, "fp/")) diff --git a/src/or/or.h b/src/or/or.h index 45eb4673ce..c2cd8a6cae 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3999,6 +3999,17 @@ typedef struct { /** Fraction: */ double PathsNeededToBuildCircuits; + + /** Do we serve v2 directory info at all? This is a temporary option, since + * we'd like to disable v2 directory serving entirely, but we need a way to + * make it temporarily disableable, in order to do fast testing and be + * able to turn it back on if it turns out to be non-workable. + * + * XXXX025 Make this always-on, or always-off. Right now, it's only + * enableable for authorities. + */ + int DisableV2DirectoryInfo_; + } or_options_t; /** Persistent state for an onion router, as saved to disk. */ |