summaryrefslogtreecommitdiff
path: root/src/feature/dirauth
AgeCommit message (Collapse)Author
2023-03-12Update 3 filesnonameformee
- /src/feature/dirauth/process_descs.c - /src/test/test_process_descs.c - /changes/ticket40760
2023-03-07Merge branch 'maint-0.4.7'David Goulet
2023-02-13vote AuthDirMaxServersPerAddr in consensus paramsRoger Dingledine
Directory authorities now include their AuthDirMaxServersPerAddr config option in the consensus parameter section of their vote. Now external tools can better predict how they will behave. In particular, the value should make its way to the https://consensus-health.torproject.org/#consensusparams page. Once enough dir auths vote this param, they should also compute a consensus value for it in the consensus document. Nothing uses this consensus value yet, but we could imagine having dir auths consult it in the future. Implements ticket 40753.
2023-01-12Merge branch 'maint-0.4.7'David Goulet
2023-01-12dirauth: Reject 0.4.6.x series at the authority levelDavid Goulet
Closes #40664 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-12-21Add back comments about Stable/familiar decayGeorg Koppen
Closes: #40734.
2022-10-26Merge branch 'maint-0.4.7'David Goulet
2022-10-24back out most of commit b7992d4fRoger Dingledine
The AuthDirDontVoteOnDirAuthBandwidth torrc option never worked, and it was implemented in a way that could have produced consensus conflicts if it had. Resolves bug 40700.
2022-08-09Merge branch 'maint-0.4.7'David Goulet
2022-08-09dirauth: Make voting flag threshold tunable via torrcDavid Goulet
Remove UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE, TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD and replace each of them with a tunnable torrc option. Related to #40652 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-08-04dirauth: Add a AuthDirVoteGuard to pin Guard flagsDavid Goulet
Related to #40652 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-06-16Don't add redundant quotes with escaped() in log messages.Nick Mathewson
The escaped() function and its kin already wrap their output in quotes: there's no reason to do so twice. I am _NOT_ making a corresponding change in calls that make the same mistake in controller-related functions, however, due to the risk of a compatibility break. :( Closes #22723.
2022-05-16Merge branch 'tor-gitlab/mr/489'David Goulet
2022-03-31document running_long_enough_to_decide_unreachable()Roger Dingledine
It came as a surprise that Serge, the bridge authority, omits the Running flag for all bridges in its first 30 minutes after a restart: https://bugs.torproject.org/tpo/anti-censorship/rdsys/102 The fix we're doing for now is to accept it as correct behavior in Tor, and change all the supporting tools to be able to handle bridge networkstatus docs that have no Running bridges. I'm documenting it here inside Tor too so the next person might not be so surprised.
2022-02-16dirauth: Reject EOL 0.3.5.x relaysDavid Goulet
Closes #40559 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-09Implement proposal 275: don't put "published" times in md consensusNick Mathewson
When a new consensus method is negotiated, these values will all get replaced with "2038-01-01 00:00:00". This change should be safe because: * As of 0.2.9.11 / 0.3.0.7 / 0.3.1.1-alpha, Tor takes no action about published_on times in the future. * The only remaining parties relying on published_on values are (we believe) relays running 0.3.5.x, which rely on the values in a NS consensus to see whether their descriptors are out of date. But this patch only changes microdesc consensuses. * The latest Tor no longer looks at this field in consensuses. Why make this change? In experiments, replacing these values with a fixed value made the size of compressed consensus diffs much much smaller. (Like, by over 50%!) Implements proposal 275; Implements #40130.
2021-11-09Move published_on from routerstatus_t to vote_routerstatus_t.Nick Mathewson
Nothing breaks here, since all non-voting users of routerstatus_t.published_on have been adjusted or removed in previous commits. We have to expand the API of routerstatus_format_entry() a bit, though, so that it can always get a published time as argument, since it can't get it from the routerstatus any more. This should have no effect on voter behavior.
2021-11-05Merge branch 'maint-0.4.6'David Goulet
2021-11-05Merge branch 'maint-0.4.5' into maint-0.4.6David Goulet
2021-11-05protover: Fix merge forward from 035David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05Merge branch 'maint-0.3.5' into maint-0.4.5David Goulet
2021-11-05protover: Move all hardcoded lists in one placeDavid Goulet
This also moves the warnings and add some theatrical effect around the code so anyone modifying those list should notice the warnings signs and read the comment accordingly. Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05Add scary warnings about changing the protover list.Nick Mathewson
Doing this in the wrong way has potential to cause serious havoc on the network, so let's make it harder for future programmers to mess it up.
2021-10-21Merge branch 'tor-gitlab/mr/452_squashed' into mainAlexander Færøy
2021-10-21Add a new consensus method to handle MiddleOnly specially.Nick Mathewson
When this method is in place, then any relay which is assigned MiddleOnly has Exit, V2Dir, Guard, and HSDir cleared (and has BadExit set if appropriate).
2021-10-21Implement a MiddleOnly flag for vote generation.Nick Mathewson
This proposal implements part of Prop335; it's based on a patch from Neel Chauhan. When configured to do so, authorities will assign a MiddleOnly flag to certain relays. Any relay which an authority gives this flag will not get Exit, V2Dir, Guard, or HSDir, and might get BadExit if the authority votes for that one.
2021-10-21Merge remote-tracking branch 'tor-gitlab/mr/442' into mainAlexander Færøy
2021-10-08dirauth: Reject EOL relaysDavid Goulet
Series 0.4.2.x, 0.4.3.x and 0.4.4.x will all be rejected at the authority level at this commit. Futhermore, the 0.4.5.x alphas and rc will also be rejected. Closes #40480 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-27bwauth: Add AuthDirDontVoteOnDirAuthBandwidth option to avoid giving weights ↵Neel Chauhan
to dirauths
2021-03-24fix up the keypinning commentsRoger Dingledine
2021-03-15Merge branch 'maint-0.4.4' into maint-0.4.5Nick Mathewson
2021-03-15Merge branch 'maint-0.4.5'Nick Mathewson
2021-03-15Merge branch 'maint-0.3.5' into maint-0.4.4Nick Mathewson
2021-03-15Fix detection of point to insert signatures on a pending consensus.Nick Mathewson
We were looking for the first instance of "directory-signature " when instead the correct behavior is to look for the first instance of "directory-signature " at the start of a line. Unfortunately, this can be exploited as to crash authorities while they're voting. Fixes #40316; bugfix on 0.2.2.4-alpha. This is TROVE-2021-002, also tracked as CVE-2021-28090.
2021-03-12Update copyrights to 2021, using "make update-copyright"Nick Mathewson
2021-02-19Make dirauths vote the Sybil flag when other flags are zeroed outNeel Chauhan
2021-02-03Add missing newline between get_all_possible_sybil() and version_from_platform()Neel Chauhan
2021-01-21Merge branch 'maint-0.4.5'David Goulet
2021-01-21log more during consensus voting processRoger Dingledine
Give more visibility to directory authority operators during the consensus voting process. Closes ticket 40245.
2021-01-21dir auths write consensuses to disk after creationRoger Dingledine
This step happens after we make each consensus flavor, and before we worry about sigs or anything. That way if Tor crashes, or if we fail to get enough sigs, we still have a chance to know what consensus we wanted to make.
2021-01-21log more about testing incoming relay descriptorsRoger Dingledine
2021-01-19Merge branch 'maint-0.4.5'Nick Mathewson
2021-01-15Revert "IPv6 sybil: consider addresses in the same /64 to be equal."David Goulet
This reverts commit d07f17f67685d75fec8a851b3ae3d157c1e31aa3. We don't want to consider an entire routable IPv6 network as sybil if more than 2 relays happen to be on it. For path selection it is very important but not for selecting relays in the consensus. Fixes #40243
2021-01-13New consensus method to find bwweightscale & maxunmeasuredbw correctly.Nick Mathewson
Our original code for parsing these parameters out of our list of parameters pre-dated us having the dirvote_get_intermediate_param_value() function... and it was buggy. Specifically, it would reject any " ... K=V ..." value where there were additional unconverted characters after the V, and use the default value instead, We haven't run into this yet because we've never voted for bwweightscale to be anything besides the default 10000, or maxunmeasuredbw to be anything besides the default 20. This requires a new consensus method because it is a change in how consensuses are computed. Fixes bug 19011; bugfix on 0.2.2.10-alpha.
2020-11-12Fix typos.Samanta Navarro
Typos found with codespell. Please keep in mind that this should have impact on actual code and must be carefully evaluated: src/core/or/lttng_circuit.inc - ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER) + ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)
2020-10-27Merge branch 'tor-gitlab/mr/176' into maint-0.4.4David Goulet
2020-10-27Merge branch 'tor-gitlab/mr/176'David Goulet
2020-10-26Merge branch 'maint-0.4.4'Nick Mathewson
2020-10-23Update required/recommended protocol lists more systematicallyNick Mathewson
First I began with a set of candidates: The client's _required_ list starts with all the protocols supported by every release in 0.2.9-stable through current master. The client's _required_ list starts with all the protocols supported by every release in 0.3.5-stable through current master. Everybody's _recommended_ list starts with all the protocols supported by every release in 0.3.5-stable through current master. Then I removed the protocol versions that we do not actually want to require or recommend: DirCache=1 (deprecated) HSDir=1, HSIntro=1-3, HSRend=1 (deprecated) (All HS* protocol requirements for clients) Link=1-3 (deprecated) LinkAuth=1 (obsolete) Relay=1 (obsolete)
2020-10-22Turn ConsensusParams into a LinelistRoger Dingledine
Make it possible to specify multiple ConsensusParams torrc lines. Now directory authority operators can for example put the main ConsensusParams config in one torrc file and then add to it from a different torrc file. Closes ticket 40164.