I love it! Nice work Karsten!<br><br><br><div class="gmail_quote">On Mon, May 19, 2008 at 2:53 PM, Karsten Loesing <<a href="mailto:karsten.loesing@gmx.net">karsten.loesing@gmx.net</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br></div>
Hi Nick,<div class="Ih2E3d"><br>
<br>
| What about having a preprocessing step on the options list that<br>
| expands PrivateTorNetwork 1 into the entire list of options it<br>
| implies? It's not an error to specify an option twice; when you do,<br>
| the second takes precedence.<br>
<br></div>
Hmm, I couldn't find the right place in the code to implement your idea.<br>
I now solved it differently: When reading configurations from torrc and<br>
the console, Tor checks if TestingTorNetwork was configured. If so,<br>
default values for dependent options are changed and the configuration<br>
is read in again. See lines 3835--3892 in config.c.<br>
<br>
I also added a hook that prevents TestingTorNetwork from being changed<br>
after Tor is started. I could not imagine why this would be useful, and<br>
therefore excluded this possibility to prevent unforeseen errors. See<br>
lines 3463--3468 in config.c.<div class="Ih2E3d"><br>
<br>
| This would mean that RESETCONF wouldn't do the right thing, though.<br>
| Perhaps a hack like the one in weasel's debian-tor user patch would<br>
| handle that better. It's still a hack, but not a totally insane hack.<br>
<br></div>
Right, that's what I've done now.<br>
<br>
<br>
In the proposal I added a section with test cases. These include all<br>
those scenarios about changing configurations that came to my mind.<br>
These tests succeeded in a patched Tor and worked fine with a patched<br>
PuppeTor using v3 directories.<div class="Ih2E3d"><br>
<br>
- --Karsten<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.6 (GNU/Linux)<br>
Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org" target="_blank">http://enigmail.mozdev.org</a><br>
<br></div>
iD8DBQFIMfbI0M+WPffBEmURAkHJAJ4pr9yyJ0I9p/iyGbMtHn0cCz3pnACfYy6h<br>
UNzjTYAbHyq4l25rd654+dM=<br>
=PYOt<br>
-----END PGP SIGNATURE-----<br>
<br>Index: /home/karsten/tor/tor-trunk-private-network/src/or/config.c<br>
===================================================================<br>
--- /home/karsten/tor/tor-trunk-private-network/src/or/config.c (revision 14671)<br>
+++ /home/karsten/tor/tor-trunk-private-network/src/or/config.c (working copy)<br>
@@ -174,6 +174,7 @@<br>
V(DataDirectory, STRING, NULL),<br>
OBSOLETE("DebugLogFile"),<br>
V(DirAllowPrivateAddresses, BOOL, NULL),<br>
+ V(DirTimeToLearnReachability, INTERVAL, "30 minutes"),<br>
V(DirListenAddress, LINELIST, NULL),<br>
OBSOLETE("DirFetchPeriod"),<br>
V(DirPolicy, LINELIST, NULL),<br>
@@ -185,6 +186,7 @@<br>
V(DownloadExtraInfo, BOOL, "0"),<br>
V(EnforceDistinctSubnets, BOOL, "1"),<br>
V(EntryNodes, STRING, NULL),<br>
+ V(EstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),<br>
V(ExcludeNodes, STRING, NULL),<br>
V(ExitNodes, STRING, NULL),<br>
V(ExitPolicy, LINELIST, NULL),<br>
@@ -243,6 +245,7 @@<br>
V(OutboundBindAddress, STRING, NULL),<br>
OBSOLETE("PathlenCoinWeight"),<br>
V(PidFile, STRING, NULL),<br>
+ V(TestingTorNetwork, BOOL, "0"),<br>
V(PreferTunneledDirConns, BOOL, "1"),<br>
V(ProtocolWarnings, BOOL, "0"),<br>
V(PublishServerDescriptor, CSV, "1"),<br>
@@ -297,6 +300,9 @@<br>
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),<br>
VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir, "0"),<br>
VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),<br>
+ V(V3AuthInitialVotingInterval, INTERVAL, "30 minutes"),<br>
+ V(V3AuthInitialVoteDelay, INTERVAL, "5 minutes"),<br>
+ V(V3AuthInitialDistDelay, INTERVAL, "5 minutes"),<br>
V(V3AuthVotingInterval, INTERVAL, "1 hour"),<br>
V(V3AuthVoteDelay, INTERVAL, "5 minutes"),<br>
V(V3AuthDistDelay, INTERVAL, "5 minutes"),<br>
@@ -3325,6 +3331,72 @@<br>
});<br>
}<br>
<br>
+ if (options->TestingTorNetwork && !options->DirServers) {<br>
+ REJECT("TestingTorNetwork may only be configured in combination with "<br>
+ "a non-default set of DirServers.");<br>
+ }<br>
+<br>
+ if (options->V3AuthInitialVotingInterval != 30*60 &&<br>
+ !options->TestingTorNetwork) {<br>
+ REJECT("V3AuthInitialVotingInterval may only be changed in testing "<br>
+ "Tor networks!");<br>
+ } else if (options->V3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) {<br>
+ REJECT("V3AuthInitialVotingInterval is insanely low.");<br>
+ } else if (options->V3AuthInitialVotingInterval > 24*60*60) {<br>
+ REJECT("V3AuthInitialVotingInterval is insanely high.");<br>
+ } else if (((30*60) % options->V3AuthInitialVotingInterval) != 0) {<br>
+ REJECT("V3AuthInitialVotingInterval does not divide evenly into "<br>
+ "30 minutes.");<br>
+ }<br>
+<br>
+ if (options->V3AuthInitialVoteDelay != 5*60 &&<br>
+ !options->TestingTorNetwork) {<br>
+ REJECT("V3AuthInitialVoteDelay may only be changed in testing "<br>
+ "Tor networks!");<br>
+ } else if (options->V3AuthInitialVoteDelay < MIN_VOTE_SECONDS) {<br>
+ REJECT("V3AuthInitialVoteDelay is way too low.");<br>
+ }<br>
+<br>
+ if (options->V3AuthInitialDistDelay != 5*60 &&<br>
+ !options->TestingTorNetwork) {<br>
+ REJECT("V3AuthInitialDistDelay may only be changed in testing "<br>
+ "Tor networks!");<br>
+ } else if (options->V3AuthInitialDistDelay < MIN_DIST_SECONDS) {<br>
+ REJECT("V3AuthInitialDistDelay is way too low.");<br>
+ }<br>
+<br>
+ if (options->V3AuthInitialVoteDelay + options->V3AuthInitialDistDelay >=<br>
+ options->V3AuthInitialVotingInterval/2) {<br>
+ REJECT("V3AuthInitialVoteDelay plus V3AuthInitialDistDelay must be "<br>
+ "less than half V3AuthInitialVotingInterval");<br>
+ }<br>
+<br>
+ if (options->DirTimeToLearnReachability != 30*60 && !options->TestingTorNetwork) {<br>
+ REJECT("DirTimeToLearnReachability may only be changed in testing "<br>
+ "Tor networks!");<br>
+ } else if (options->DirTimeToLearnReachability < 0) {<br>
+ REJECT("DirTimeToLearnReachability must be non-negative.");<br>
+ } else if (options->DirTimeToLearnReachability > 2*60*60) {<br>
+ COMPLAIN("DirTimeToLearnReachability is insanely high.");<br>
+ }<br>
+<br>
+ if (options->EstimatedDescriptorPropagationTime != 10*60 &&<br>
+ !options->TestingTorNetwork) {<br>
+ REJECT("EstimatedDescriptorPropagationTime may only be changed in "<br>
+ "testing Tor networks!");<br>
+ } else if (options->EstimatedDescriptorPropagationTime < 0) {<br>
+ REJECT("EstimatedDescriptorPropagationTime must be non-negative.");<br>
+ } else if (options->EstimatedDescriptorPropagationTime > 60*60) {<br>
+ COMPLAIN("EstimatedDescriptorPropagationTime is insanely high.");<br>
+ }<br>
+<br>
+ if (options->TestingTorNetwork) {<br>
+ log_warn(LD_CONFIG, "TestingTorNetwork is set. This will make your node "<br>
+ "almost unusable in the public Tor network, and is "<br>
+ "therefore only advised if you are building a "<br>
+ "testing Tor network!");<br>
+ }<br>
+<br>
return 0;<br>
#undef REJECT<br>
#undef COMPLAIN<br>
@@ -3388,6 +3460,12 @@<br>
return -1;<br>
}<br>
<br>
+ if (old->TestingTorNetwork != new_val->TestingTorNetwork) {<br>
+ *msg = tor_strdup("While Tor is running, changing TestingTorNetwork "<br>
+ "is not allowed.");<br>
+ return -1;<br>
+ }<br>
+<br>
return 0;<br>
}<br>
<br>
@@ -3756,6 +3834,64 @@<br>
goto err;<br>
}<br>
<br>
+ /* If this is a testing network configuration, change defaults<br>
+ * for a list of dependent config options, re-initialize newoptions<br>
+ * with the new defaults, and assign all options to it second time. */<br>
+ if (newoptions->TestingTorNetwork) {<br>
+<br>
+ /* Change defaults. */<br>
+ #define CHANGE_DEFAULT(key, val) \<br>
+ { \<br>
+ config_var_t *var = config_find_option(&options_format, key); \<br>
+ tor_assert(var); \<br>
+ var->initvalue = tor_strdup(val); \<br>
+ }<br>
+ CHANGE_DEFAULT("ServerDNSAllowBrokenResolvConf", "1");<br>
+ CHANGE_DEFAULT("DirAllowPrivateAddresses", "1");<br>
+ CHANGE_DEFAULT("EnforceDistinctSubnets", "0");<br>
+ CHANGE_DEFAULT("AssumeReachable", "1");<br>
+ CHANGE_DEFAULT("AuthDirMaxServersPerAddr", "0");<br>
+ CHANGE_DEFAULT("AuthDirMaxServersPerAuthAddr", "0");<br>
+ CHANGE_DEFAULT("ClientDNSRejectInternalAddresses", "0");<br>
+ CHANGE_DEFAULT("ExitPolicyRejectPrivate", "0");<br>
+ CHANGE_DEFAULT("V3AuthVotingInterval", "300");<br>
+ CHANGE_DEFAULT("V3AuthVoteDelay", "20");<br>
+ CHANGE_DEFAULT("V3AuthDistDelay", "20");<br>
+ CHANGE_DEFAULT("V3AuthInitialVotingInterval", "300");<br>
+ CHANGE_DEFAULT("V3AuthInitialVoteDelay", "20");<br>
+ CHANGE_DEFAULT("V3AuthInitialDistDelay", "20");<br>
+ CHANGE_DEFAULT("DirTimeToLearnReachability", "0");<br>
+ CHANGE_DEFAULT("EstimatedDescriptorPropagationTime", "0");<br>
+ #undef CHANGE_DEFAULT<br>
+<br>
+ /* Clear newoptions and re-initialize them with new defaults. */<br>
+ config_free(&options_format, newoptions);<br>
+ newoptions = tor_malloc_zero(sizeof(or_options_t));<br>
+ newoptions->_magic = OR_OPTIONS_MAGIC;<br>
+ options_init(newoptions);<br>
+ newoptions->command = command;<br>
+ newoptions->command_arg = command_arg;<br>
+<br>
+ /* Assign all options a second time. */<br>
+ retval = config_get_lines(cf, &cl);<br>
+ if (retval < 0) {<br>
+ err = SETOPT_ERR_PARSE;<br>
+ goto err;<br>
+ }<br>
+ retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);<br>
+ config_free_lines(cl);<br>
+ if (retval < 0) {<br>
+ err = SETOPT_ERR_PARSE;<br>
+ goto err;<br>
+ }<br>
+ retval = config_assign(&options_format, newoptions,<br>
+ global_cmdline_options, 0, 0, msg);<br>
+ if (retval < 0) {<br>
+ err = SETOPT_ERR_PARSE;<br>
+ goto err;<br>
+ }<br>
+ }<br>
+<br>
/* Validate newoptions */<br>
if (options_validate(oldoptions, newoptions, 0, msg) < 0) {<br>
err = SETOPT_ERR_PARSE; /*XXX021 make this separate.*/<br>
Index: /home/karsten/tor/tor-trunk-private-network/src/or/dirserv.c<br>
===================================================================<br>
--- /home/karsten/tor/tor-trunk-private-network/src/or/dirserv.c (revision 14671)<br>
+++ /home/karsten/tor/tor-trunk-private-network/src/or/dirserv.c (working copy)<br>
@@ -2122,10 +2122,6 @@<br>
router->is_bad_exit = router->is_bad_directory = 0;<br>
}<br>
<br>
-/** If we've been around for less than this amount of time, our reachability<br>
- * information is not accurate. */<br>
-#define DIRSERV_TIME_TO_GET_REACHABILITY_INFO (30*60)<br>
-<br>
/** Return a new networkstatus_t* containing our current opinion. (For v3<br>
* authorities) */<br>
networkstatus_t *<br>
@@ -2155,7 +2151,7 @@<br>
tor_assert(private_key);<br>
tor_assert(cert);<br>
<br>
- if (now - time_of_process_start < DIRSERV_TIME_TO_GET_REACHABILITY_INFO)<br>
+ if (now - time_of_process_start < options->DirTimeToLearnReachability)<br>
vote_on_reachability = 0;<br>
<br>
if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {<br>
@@ -2241,7 +2237,7 @@<br>
last_consensus_interval = current_consensus->fresh_until -<br>
current_consensus->valid_after;<br>
else<br>
- last_consensus_interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;<br>
+ last_consensus_interval = options->V3AuthInitialVotingInterval;<br>
v3_out->valid_after =<br>
dirvote_get_start_of_next_interval(now, (int)last_consensus_interval);<br>
format_iso_time(tbuf, v3_out->valid_after);<br>
Index: /home/karsten/tor/tor-trunk-private-network/src/or/dirvote.c<br>
===================================================================<br>
--- /home/karsten/tor/tor-trunk-private-network/src/or/dirvote.c (revision 14671)<br>
+++ /home/karsten/tor/tor-trunk-private-network/src/or/dirvote.c (working copy)<br>
@@ -1300,8 +1300,9 @@<br>
vote_delay = consensus->vote_seconds;<br>
dist_delay = consensus->dist_seconds;<br>
} else {<br>
- interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;<br>
- vote_delay = dist_delay = 300;<br>
+ interval = options->V3AuthInitialVotingInterval;<br>
+ vote_delay = options->V3AuthInitialVoteDelay;<br>
+ dist_delay = options->V3AuthInitialDistDelay;<br>
}<br>
<br>
tor_assert(interval > 0);<br>
Index: /home/karsten/tor/tor-trunk-private-network/src/or/or.h<br>
===================================================================<br>
--- /home/karsten/tor/tor-trunk-private-network/src/or/or.h (revision 14671)<br>
+++ /home/karsten/tor/tor-trunk-private-network/src/or/or.h (working copy)<br>
@@ -2344,6 +2344,31 @@<br>
* migration purposes? */<br>
int V3AuthUseLegacyKey;<br>
<br>
+ /** The length of time that we think an initial consensus should be<br>
+ * fresh. */<br>
+ int V3AuthInitialVotingInterval;<br>
+<br>
+ /** The length of time we think it will take to distribute initial<br>
+ * votes. */<br>
+ int V3AuthInitialVoteDelay;<br>
+<br>
+ /** The length of time we think it will take to distribute initial<br>
+ * signatures. */<br>
+ int V3AuthInitialDistDelay;<br>
+<br>
+ /** If an authority has been around for less than this amount of time,<br>
+ * its reachability information is not accurate. */<br>
+ int DirTimeToLearnReachability;<br>
+<br>
+ /** Clients don't download any descriptor this recent, since it will<br>
+ * probably not have propagated to enough caches. */<br>
+ int EstimatedDescriptorPropagationTime;<br>
+<br>
+ /** If true, we take part in a testing network. Change the defaults of a<br>
+ * couple of other configuration options and allow to change the values<br>
+ * of certain configuration options. */<br>
+ int TestingTorNetwork;<br>
+<br>
/** File to check for a consensus networkstatus, if we don't have one<br>
* cached. */<br>
char *FallbackNetworkstatusFile;<br>
@@ -3186,9 +3211,6 @@<br>
/** Smallest allowable voting interval. */<br>
#define MIN_VOTE_INTERVAL 300<br>
<br>
-/** If there is no consensus, what interval do we default to? */<br>
-#define DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS (30*60)<br>
-<br>
void dirvote_free_all(void);<br>
<br>
/* vote manipulation */<br>
Index: /home/karsten/tor/tor-trunk-private-network/src/or/routerlist.c<br>
===================================================================<br>
--- /home/karsten/tor/tor-trunk-private-network/src/or/routerlist.c (revision 14671)<br>
+++ /home/karsten/tor/tor-trunk-private-network/src/or/routerlist.c (working copy)<br>
@@ -3673,10 +3673,6 @@<br>
tor_free(resource);<br>
}<br>
<br>
-/** Clients don't download any descriptor this recent, since it will probably<br>
- * not have propagated to enough caches. */<br>
-#define ESTIMATED_PROPAGATION_TIME (10*60)<br>
-<br>
/** Return 0 if this routerstatus is obsolete, too new, isn't<br>
* running, or otherwise not a descriptor that we would make any<br>
* use of even if we had it. Else return 1. */<br>
@@ -3688,7 +3684,7 @@<br>
* But, if we want to have a complete list, fetch it anyway. */<br>
return 0;<br>
}<br>
- if (rs->published_on + ESTIMATED_PROPAGATION_TIME > now) {<br>
+ if (rs->published_on + options->EstimatedDescriptorPropagationTime > now) {<br>
/* Most caches probably don't have this descriptor yet. */<br>
return 0;<br>
}<br>
<br>
<br></blockquote></div><br>