4 files changed, 126 insertions, 13 deletions

diff --git a/src/app/config/config.c b/src/app/config/config.c
index 2877bc1e6a..8df5275cc6 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -193,6 +193,7 @@ static const config_abbrev_t option_abbrevs_[] = {
   PLURAL(AuthDirBadDirCC),
   PLURAL(AuthDirBadExitCC),
   PLURAL(AuthDirInvalidCC),
+  PLURAL(AuthDirMiddleOnlyCC),
   PLURAL(AuthDirRejectCC),
   PLURAL(EntryNode),
   PLURAL(ExcludeNode),
@@ -331,6 +332,8 @@ static const config_var_t option_vars_[] = {
   V(AuthDirBadExitCCs,           CSV,      ""),
   V(AuthDirInvalid,              LINELIST, NULL),
   V(AuthDirInvalidCCs,           CSV,      ""),
+  V(AuthDirMiddleOnly,           LINELIST, NULL),
+  V(AuthDirMiddleOnlyCCs,        CSV,      ""),
   V(AuthDirReject,               LINELIST, NULL),
   V(AuthDirRejectCCs,            CSV,      ""),
   OBSOLETE("AuthDirRejectUnlisted"),
@@ -616,6 +619,7 @@ static const config_var_t option_vars_[] = {
   V(ConnectionPadding,           AUTOBOOL, "auto"),
   V(RefuseUnknownExits,          AUTOBOOL, "auto"),
   V(CircuitPadding,              BOOL,     "1"),
+  V(ReconfigDropsBridgeDescs,    BOOL,     "0"),
   V(ReducedCircuitPadding,       BOOL,     "0"),
   V(RejectPlaintextPorts,        CSV,      ""),
   V(RelayBandwidthBurst,         MEMUNIT,  "0"),
@@ -668,6 +672,7 @@ static const config_var_t option_vars_[] = {
   VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
   OBSOLETE("UseEntryGuardsAsDirGuards"),
   V(UseGuardFraction,            AUTOBOOL, "auto"),
+  V(VanguardsLiteEnabled,        AUTOBOOL, "auto"),
   V(UseMicrodescriptors,         AUTOBOOL, "auto"),
   OBSOLETE("UseNTorHandshake"),
   V_IMMUTABLE(User,              STRING,   NULL),
@@ -2309,6 +2314,8 @@ options_act,(const or_options_t *old_options))
     }
 
     if (transition_affects_guards) {
+      if (options->ReconfigDropsBridgeDescs)
+        routerlist_drop_bridge_descriptors();
       if (guards_update_all()) {
         abandon_circuits = 1;
       }
@@ -5468,6 +5475,77 @@ pt_parse_transport_line(const or_options_t *options,
   return r;
 }
 
+/**
+ * Parse a flag describing an extra dirport for a directory authority.
+ *
+ * Right now, the supported format is exactly:
+ * `{upload,download,voting}=http://[IP:PORT]/`.
+ * Other URL schemes, and other suffixes, might be supported in the future.
+ *
+ * Only call this function if `flag` starts with one of the above strings.
+ *
+ * Return 0 on success, and -1 on failure.
+ *
+ * If `ds` is provided, then add any parsed dirport to `ds`.  If `ds` is NULL,
+ * take no action other than parsing.
+ **/
+static int
+parse_dirauth_dirport(dir_server_t *ds, const char *flag)
+{
+  tor_assert(flag);
+
+  auth_dirport_usage_t usage;
+
+  if (!strcasecmpstart(flag, "upload=")) {
+    usage = AUTH_USAGE_UPLOAD;
+  } else if (!strcasecmpstart(flag, "download=")) {
+    usage = AUTH_USAGE_DOWNLOAD;
+  } else if (!strcasecmpstart(flag, "vote=")) {
+    usage = AUTH_USAGE_VOTING;
+  } else {
+    // We shouldn't get called with a flag that we don't recognize.
+    tor_assert_nonfatal_unreached();
+    return -1;
+  }
+
+  const char *eq = strchr(flag, '=');
+  tor_assert(eq);
+  const char *target = eq + 1;
+
+  // Find the part inside the http://{....}/
+  if (strcmpstart(target, "http://")) {
+    log_warn(LD_CONFIG, "Unsupported URL scheme in authority flag %s", flag);
+    return -1;
+  }
+  const char *addr = target + strlen("http://");
+
+  const char *eos = strchr(addr, '/');
+  size_t addr_len;
+  if (eos && strcmp(eos, "/")) {
+    log_warn(LD_CONFIG, "Unsupported URL prefix in authority flag %s", flag);
+    return -1;
+  } else if (eos) {
+    addr_len = eos - addr;
+  } else {
+    addr_len = strlen(addr);
+  }
+
+  // Finally, parse the addr:port part.
+  char *addr_string = tor_strndup(addr, addr_len);
+  tor_addr_port_t dirport;
+  memset(&dirport, 0, sizeof(dirport));
+  int rv = tor_addr_port_parse(LOG_WARN, addr_string,
+                               &dirport.addr, &dirport.port, -1);
+  if (ds != NULL && rv == 0) {
+    trusted_dir_server_add_dirport(ds, usage, &dirport);
+  } else if (rv == -1) {
+    log_warn(LD_CONFIG, "Unable to parse address in authority flag %s",flag);
+  }
+
+  tor_free(addr_string);
+  return rv;
+}
+
 /** Read the contents of a DirAuthority line from <b>line</b>. If
  * <b>validate_only</b> is 0, and the line is well-formed, and it
  * shares any bits with <b>required_type</b> or <b>required_type</b>
@@ -5488,6 +5566,7 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
   char v3_digest[DIGEST_LEN];
   dirinfo_type_t type = 0;
   double weight = 1.0;
+  smartlist_t *extra_dirports = smartlist_new();
 
   memset(v3_digest, 0, sizeof(v3_digest));
 
@@ -5556,6 +5635,12 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
         }
         ipv6_addrport_ptr = &ipv6_addrport;
       }
+    } else if (!strcasecmpstart(flag, "upload=") ||
+               !strcasecmpstart(flag, "download=") ||
+               !strcasecmpstart(flag, "vote=")) {
+      // We'll handle these after creating the authority object.
+      smartlist_add(extra_dirports, flag);
+      flag =  NULL; // prevent double-free.
     } else {
       log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirAuthority line",
                flag);
@@ -5599,6 +5684,13 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
     goto err;
   }
 
+  if (validate_only) {
+    SMARTLIST_FOREACH_BEGIN(extra_dirports, const char *, cp) {
+      if (parse_dirauth_dirport(NULL, cp) < 0)
+        goto err;
+    } SMARTLIST_FOREACH_END(cp);
+  }
+
   if (!validate_only && (!required_type || required_type & type)) {
     dir_server_t *ds;
     if (required_type)
@@ -5610,16 +5702,23 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
                                       ipv6_addrport_ptr,
                                       digest, v3_digest, type, weight)))
       goto err;
+
+    SMARTLIST_FOREACH_BEGIN(extra_dirports, const char *, cp) {
+      if (parse_dirauth_dirport(ds, cp) < 0)
+        goto err;
+    } SMARTLIST_FOREACH_END(cp);
     dir_server_add(ds);
   }
 
   r = 0;
   goto done;
 
-  err:
+ err:
   r = -1;
 
-  done:
+ done:
+  SMARTLIST_FOREACH(extra_dirports, char*, s, tor_free(s));
+  smartlist_free(extra_dirports);
   SMARTLIST_FOREACH(items, char*, s, tor_free(s));
   smartlist_free(items);
   tor_free(addrport);
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 151b77c457..3a1acad044 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -293,6 +293,13 @@ struct or_options_t {
    * disabled. */
   int CircuitPadding;
 
+  /** Boolean: if true, then this client will discard cached bridge
+   * descriptors on a setconf or other config change that impacts guards
+   * or bridges (see options_transition_affects_guards() for exactly which
+   * config changes trigger it). Useful for tools that test bridge
+   * reachability by fetching fresh descriptors. */
+  int ReconfigDropsBridgeDescs;
+
   /** Boolean: if true, then this client will only use circuit padding
    * algorithms that are known to use a low amount of overhead. If false,
    * we will use all available circuit padding algorithms.
@@ -492,6 +499,9 @@ struct or_options_t {
   struct smartlist_t *NodeFamilySets;
   struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to
                                   * mark as bad exits. */
+  /** Address policy for descriptors to mark as only suitable for the
+   * middle position in circuits. */
+  struct config_line_t *AuthDirMiddleOnly;
   struct config_line_t *AuthDirReject; /**< Address policy for descriptors to
                                  * reject. */
   struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to
@@ -505,6 +515,7 @@ struct or_options_t {
    */
   struct smartlist_t *AuthDirBadExitCCs;
   struct smartlist_t *AuthDirInvalidCCs;
+  struct smartlist_t *AuthDirMiddleOnlyCCs;
   struct smartlist_t *AuthDirRejectCCs;
   /**@}*/
 
@@ -587,6 +598,9 @@ struct or_options_t {
                            * If 0, use value from NumEntryGuards. */
   int NumPrimaryGuards; /**< How many primary guards do we want? */
 
+  /** Boolean: Switch to toggle the vanguards-lite subsystem */
+  int VanguardsLiteEnabled;
+
   int RephistTrackTime; /**< How many seconds do we keep rephist info? */
   /** Should we always fetch our dir info on the mirror schedule (which
    * means directly from the authorities) no matter our other config? */
diff --git a/src/app/include.am b/src/app/include.am
index 2e2180deca..5494d904a3 100644
--- a/src/app/include.am
+++ b/src/app/include.am
@@ -17,7 +17,6 @@ src_app_tor_SOURCES = src/app/main/tor_main.c
 src_app_tor_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \
 	@TOR_LDFLAGS_libevent@ @TOR_STATIC_LDFLAGS@
 src_app_tor_LDADD = libtor.a \
-	$(rust_ldadd) \
 	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ $(TOR_LIBS_CRYPTLIB) \
 	@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \
 	@CURVE25519_LIBS@ @TOR_SYSTEMD_LIBS@ \
diff --git a/src/app/main/main.c b/src/app/main/main.c
index bc9d535a07..b73d722963 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -27,6 +27,8 @@
 #include "core/or/channel.h"
 #include "core/or/channelpadding.h"
 #include "core/or/circuitpadding.h"
+#include "core/or/congestion_control_common.h"
+#include "core/or/congestion_control_flow.h"
 #include "core/or/circuitlist.h"
 #include "core/or/command.h"
 #include "core/or/connection_or.h"
@@ -100,12 +102,6 @@
 #include <systemd/sd-daemon.h>
 #endif /* defined(HAVE_SYSTEMD) */
 
-#ifdef HAVE_RUST
-// helper function defined in Rust to output a log message indicating if tor is
-// running with Rust enabled. See src/rust/tor_util
-void rust_log_welcome_string(void);
-#endif
-
 /********* PROTOTYPES **********/
 
 static void dumpmemusage(int severity);
@@ -609,10 +605,6 @@ tor_init(int argc, char *argv[])
     tor_compress_log_init_warnings();
   }
 
-#ifdef HAVE_RUST
-  rust_log_welcome_string();
-#endif /* defined(HAVE_RUST) */
-
   /* Warn _if_ the tracing subsystem is built in. */
   tracing_log_warning();
 
@@ -630,6 +622,8 @@ tor_init(int argc, char *argv[])
    * until we get a consensus */
   channelpadding_new_consensus_params(NULL);
   circpad_new_consensus_params(NULL);
+  congestion_control_new_consensus_params(NULL);
+  flow_control_new_consensus_params(NULL);
 
   /* Initialize circuit padding to defaults+torrc until we get a consensus */
   circpad_machines_init();
@@ -1343,6 +1337,13 @@ tor_run_main(const tor_main_configuration_t *tor_cfg)
   pubsub_connect();
 
   if (get_options()->Sandbox && get_options()->command == CMD_RUN_TOR) {
+#ifdef ENABLE_FRAGILE_HARDENING
+    log_warn(LD_CONFIG, "Sandbox is enabled but this Tor was built using "
+             "fragile compiler hardening. The sandbox may be unable to filter "
+             "requests to open files and directories and its overall "
+             "effectiveness will be reduced.");
+#endif
+
     sandbox_cfg_t* cfg = sandbox_init_filter();
 
     if (sandbox_init(cfg)) {