aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/ticket406525
-rw-r--r--doc/man/tor.1.txt5
-rw-r--r--src/feature/dirauth/dirauth_options.inc3
-rw-r--r--src/feature/dirauth/voteflags.c17
4 files changed, 30 insertions, 0 deletions
diff --git a/changes/ticket40652 b/changes/ticket40652
new file mode 100644
index 0000000000..2b9f2ee1cb
--- /dev/null
+++ b/changes/ticket40652
@@ -0,0 +1,5 @@
+ o Minor features (dirauth):
+ - Add an AuthDirVoteGuard torrc option that can allow authorities to assign
+ the Guard flag to the given fingerprints/country code/IPs. This is a
+ needed feature mostly for defense purposes in case a DoS hits the network
+ and relay start losing the Guard flags too fast. Closes ticket 40652.
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index 1814801b71..ba7cdbabc8 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -3229,6 +3229,11 @@ on the public Tor network.
If set to 0, we vote Running for every relay, and don't perform
these tests. (Default: 1)
+[[AuthDirVoteGuard]] **AuthDirVoteGuard** __node__,__node__,__...__::
+ A list of identity fingerprints or country codes or address patterns of
+ nodes to vote Guard for regardless of their uptime and bandwidth. See
+ <<ExcludeNodes,ExcludeNodes>> for more information on how to specify nodes.
+
[[BridgePassword]] **BridgePassword** __Password__::
If set, contains an HTTP authenticator that tells a bridge authority to
serve all requested bridge information. Used by the (only partially
diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc
index 4fd07a8859..146dc7254c 100644
--- a/src/feature/dirauth/dirauth_options.inc
+++ b/src/feature/dirauth/dirauth_options.inc
@@ -76,6 +76,9 @@ CONF_VAR(RecommendedClientVersions, LINELIST, 0, NULL)
/** Which versions of tor should we tell users to run on relays? */
CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL)
+/** Relays which should be voted Guard regardless of uptime and bandwidth. */
+CONF_VAR(AuthDirVoteGuard, ROUTERSET, 0, NULL)
+
/** If an authority has been around for less than this amount of time, it
* does not believe its reachability information is accurate. Only
* altered on testing networks. */
diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c
index 9aefc6c5b4..52b84a9d89 100644
--- a/src/feature/dirauth/voteflags.c
+++ b/src/feature/dirauth/voteflags.c
@@ -573,6 +573,21 @@ should_publish_node_ipv6(const node_t *node, const routerinfo_t *ri,
router_is_me(ri));
}
+/** Set routerstatus flags based on the authority options. Same as the testing
+ * function but for the main network. */
+static void
+dirserv_set_routerstatus_flags(routerstatus_t *rs)
+{
+ const dirauth_options_t *options = dirauth_get_options();
+
+ tor_assert(rs);
+
+ /* Assign Guard flag to relays that can get it unconditionnaly. */
+ if (routerset_contains_routerstatus(options->AuthDirVoteGuard, rs, 0)) {
+ rs->is_possible_guard = 1;
+ }
+}
+
/**
* Extract status information from <b>ri</b> and from other authority
* functions and store it in <b>rs</b>, as per
@@ -638,6 +653,8 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs,
if (options->TestingTorNetwork) {
dirserv_set_routerstatus_testing(rs);
+ } else {
+ dirserv_set_routerstatus_flags(rs);
}
}