[or-cvs] Implement "families" of coadministered nodes; prevent them ...

Nick Mathewson nickm at seul.org
Fri Oct 15 01:58:14 UTC 2004


Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv11474/src/or

Modified Files:
	circuitbuild.c config.c or.h router.c routerlist.c 
	routerparse.c 
Log Message:
Implement "families" of coadministered nodes; prevent them all from appearing on the same circuit.

Index: circuitbuild.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuitbuild.c,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -d -r1.38 -r1.39
--- circuitbuild.c	14 Oct 2004 03:44:45 -0000	1.38
+++ circuitbuild.c	15 Oct 2004 01:58:11 -0000	1.39
@@ -1080,16 +1080,16 @@
   excluded = smartlist_create();
   if((r = router_get_by_digest(state->chosen_exit_digest))) {
     smartlist_add(excluded, r);
-    routerlist_add_friends(excluded, r);
+    routerlist_add_family(excluded, r);
   }
   if((r = routerlist_find_my_routerinfo())) {
     smartlist_add(excluded, r);
-    routerlist_add_friends(excluded, r);
+    routerlist_add_family(excluded, r);
   }
   for (i = 0, cpath = head; i < cur_len; ++i, cpath=cpath->next) {
     if((r = router_get_by_digest(cpath->identity_digest))) {
       smartlist_add(excluded, r);
-      routerlist_add_friends(excluded, r);
+      routerlist_add_family(excluded, r);
     }
   }
   choice = router_choose_random_node("", options.ExcludeNodes, excluded,
@@ -1106,11 +1106,11 @@
 
   if((r = router_get_by_digest(state->chosen_exit_digest))) {
     smartlist_add(excluded, r);
-    routerlist_add_friends(excluded, r);
+    routerlist_add_family(excluded, r);
   }
   if((r = routerlist_find_my_routerinfo())) {
     smartlist_add(excluded, r);
-    routerlist_add_friends(excluded, r);
+    routerlist_add_family(excluded, r);
   }
   if(options.FascistFirewall) {
     /* exclude all ORs that listen on the wrong port */

Index: config.c
===================================================================
RCS file: /home/or/cvsroot/src/or/config.c,v
retrieving revision 1.169
retrieving revision 1.170
diff -u -d -r1.169 -r1.170
--- config.c	14 Oct 2004 10:05:22 -0000	1.169
+++ config.c	15 Oct 2004 01:58:11 -0000	1.170
@@ -244,6 +244,7 @@
 
       config_compare(list, "FascistFirewall",CONFIG_TYPE_BOOL, &options->FascistFirewall) ||
       config_compare(list, "FirewallPorts",CONFIG_TYPE_CSV, &options->FirewallPorts) ||
+      config_compare(list, "MyFamily",      CONFIG_TYPE_STRING, &options->MyFamily) ||
 
       config_compare(list, "Group",          CONFIG_TYPE_STRING, &options->Group) ||
 
@@ -517,6 +518,7 @@
   options->RendConfigLines = NULL;
   options->FirewallPorts = NULL;
   options->DirServers = NULL;
+  options->MyFamily = NULL;
 }
 
 static char *
@@ -554,6 +556,30 @@
 #endif
 }
 
+/** Verify whether lst is a string containing valid-looking space-separated
+ * nicknames, or NULL. Return 0 on success. Warn and return -1 on failure.
+ */
+static int check_nickname_list(const char *lst, const char *name)
+{ 
+  int r = 0;
+  smartlist_t *sl;
+
+  if (!lst)
+    return 0;
+  sl = smartlist_create();
+  smartlist_split_string(sl, lst, ",", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+  SMARTLIST_FOREACH(sl, const char *, s,
+    {
+      if (!is_legal_nickname_or_hexdigest(s)) {
+        log_fn(LOG_WARN, "Invalid nickname '%s' in %s line", s, name);
+        r = -1;
+      }
+    });
+  SMARTLIST_FOREACH(sl, char *, s, tor_free(s));
+  smartlist_free(sl); 
+  return r;
+}
+
 /** Read a configuration file into <b>options</b>, finding the configuration
  * file location based on the command line.  After loading the options,
  * validate them for consistency. Return 0 if success, <0 if failure. */
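Review bot: The doc comment on `check_nickname_list` says the list is space-separated, but the body splits `lst` on `","` with `SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK`, so a value written with spaces only is validated as a single entry. The entries are checked with `is_legal_nickname_or_hexdigest`, so the comment should open with `/** Verify whether lst is a string containing valid-looking comma-separated nicknames or hex digests, or NULL.` It should also say that `name` is only the option name printed in the warning.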
@@ -838,6 +864,19 @@
     }
   }
 
+  if (check_nickname_list(options->ExitNodes, "ExitNodes"))
+    return -1;
+  if (check_nickname_list(options->EntryNodes, "EntryNodes"))
+    return -1;
+  if (check_nickname_list(options->ExcludeNodes, "ExcludeNodes"))
+    return -1;
+  if (check_nickname_list(options->RendNodes, "RendNodes"))
+    return -1;
+  if (check_nickname_list(options->RendNodes, "RendExcludeNodes"))
+    return -1;
+  if (check_nickname_list(options->MyFamily, "MyFamily"))
+    return -1;
+  
   clear_trusted_dir_servers();
   if (!options->DirServers) {
     add_default_trusted_dirservers();
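Review bot: The fifth check passes `options->RendNodes` a second time under the label "RendExcludeNodes", so the RendExcludeNodes value is never validated and a malformed RendNodes entry is reported twice. Assuming the option is stored as `options->RendExcludeNodes` (the field is not visible in this diff), the line should be `if (check_nickname_list(options->RendExcludeNodes, "RendExcludeNodes"))`. An exclusion list that skips validation is the worse of the two to miss, since a malformed entry there presumably ends up excluding nothing.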
@@ -848,10 +887,6 @@
     }
   }
 
-  /* XXX look at the various nicknamelists and make sure they're
-   * valid and don't have hostnames that are too long.
-   */
-
   if (rend_config_services(options) < 0) {
     result = -1;
   }

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.431
retrieving revision 1.432
diff -u -d -r1.431 -r1.432
--- or.h	14 Oct 2004 03:13:08 -0000	1.431
+++ or.h	15 Oct 2004 01:58:11 -0000	1.432
@@ -597,6 +597,8 @@
   int is_verified; /**< Has a trusted dirserver validated this OR? */
   int is_trusted_dir; /**< Do we trust this OR as a directory server? */
 
+  smartlist_t *declared_family; /**< Nicknames of router which this router
+                                 * claims are its family. */
 } routerinfo_t;
 
 /** Contents of a directory of onion routers. */
@@ -890,8 +892,6 @@
   int NumCpus; /**< How many CPUs should we try to use? */
   int RunTesting; /**< If true, create testing circuits to measure how well the
                    * other ORs are running. */
-  struct config_line_t *TrustedDirs; /**< List of fingerprints of keys that are
-                                          allowed to sign directories. */
   struct config_line_t *RendConfigLines; /**< List of configuration lines
                                           * for rendezvous services. */
   char *ContactInfo; /**< Contact info to be published in the directory */
@@ -902,6 +902,7 @@
 
   struct config_line_t *DirServers; /**< List of configuration lines
                                      * for directory servers. */
+  char *MyFamily; /**< Declared family for this OR. */
 } or_options_t;
 
 /* XXX are these good enough defaults? */
@@ -1415,7 +1416,7 @@
 trusted_dir_server_t *router_pick_trusteddirserver(int requireothers);
 int all_trusted_directory_servers_down(void);
 struct smartlist_t;
-void routerlist_add_friends(struct smartlist_t *sl, routerinfo_t *router);
+void routerlist_add_family(struct smartlist_t *sl, routerinfo_t *router);
 void add_nickname_list_to_smartlist(struct smartlist_t *sl, const char *list, int warn_if_down);
 routerinfo_t *routerlist_find_my_routerinfo(void);
 int router_nickname_matches(routerinfo_t *router, const char *nickname);

Index: router.c
===================================================================
RCS file: /home/or/cvsroot/src/or/router.c,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -d -r1.97 -r1.98
--- router.c	14 Oct 2004 04:06:24 -0000	1.97
+++ router.c	15 Oct 2004 01:58:11 -0000	1.98
@@ -552,6 +552,13 @@
   ri->is_trusted_dir = authdir_mode();
   if(desc_routerinfo) /* inherit values */
     ri->is_verified = desc_routerinfo->is_verified;
+  if (options.MyFamily) {
+    ri->declared_family = smartlist_create();
+    smartlist_split_string(ri->declared_family, options.MyFamily, ",",
+                           SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+  } else {
+    ri->declared_family = NULL;
+  }
 
   if (desc_routerinfo)
     routerinfo_free(desc_routerinfo);
@@ -600,6 +607,7 @@
   int result=0;
   struct exit_policy_t *tmpe;
   char *bandwidth_usage;
+  char *family_line;
 #ifdef DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
   char *s_tmp, *s_dup;
   const char *cp;
@@ -639,6 +647,16 @@
   /* How busy have we been? */
   bandwidth_usage = rep_hist_get_bandwidth_lines();
 
+  if (router->declared_family && smartlist_len(router->declared_family)) {
+    char *s = smartlist_join_strings(router->declared_family, " ", 0);
+    size_t n = strlen(s) + strlen("opt family ") + 2; /* 1 for \n, 1 for \0. */
+    family_line = tor_malloc(n);
+    snprintf(family_line, n, "opt family %s\n", s);
+    tor_free(s);
+  } else {
+    family_line = tor_strdup("");
+  }
+
   /* Generate the easy portion of the router descriptor. */
   result = snprintf(s, maxlen,
                     "router %s %s %d %d %d\n"
@@ -648,7 +666,7 @@
                     "opt uptime %ld\n"
                     "bandwidth %d %d %d\n"
                     "onion-key\n%s"
-                    "signing-key\n%s%s",
+                    "signing-key\n%s%s%s",
     router->nickname,
     router->address,
     router->or_port,
@@ -665,7 +683,7 @@
     (int) router->bandwidthburst,
     (int) router->bandwidthcapacity,
     onion_pkey, identity_pkey,
-    bandwidth_usage);
+    family_line, bandwidth_usage);
 
   tor_free(onion_pkey);
   tor_free(identity_pkey);
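Review bot: `family_line` is allocated on both branches of the earlier hunk (`tor_malloc(n)` or `tor_strdup("")`) but is not released here next to `tor_free(onion_pkey)` and `tor_free(identity_pkey)`, so each generated descriptor appears to leak it. Add `tor_free(family_line);` after the `snprintf` call, unless it is already freed further down outside the hunk. The function body continues past the visible lines, so any early-return path between the allocation and the free needs the same release.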

Index: routerlist.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerlist.c,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -d -r1.157 -r1.158
--- routerlist.c	14 Oct 2004 04:06:24 -0000	1.157
+++ routerlist.c	15 Oct 2004 01:58:11 -0000	1.158
@@ -225,11 +225,28 @@
   return 1;
 }
 
-/** Add all the friends of <b>router</b> to the smartlist <b>sl</b>.
+/** Add all the family of <b>router</b> to the smartlist <b>sl</b>.
  */
-void routerlist_add_friends(smartlist_t *sl, routerinfo_t *router) {
-
+void routerlist_add_family(smartlist_t *sl, routerinfo_t *router) {
+  routerinfo_t *r;
 
+  if (!router->declared_family)
+    return;
+  
+  /* Add every r such that router declares familyhip with r, and r
+   * declares familyhip with router. */
+  SMARTLIST_FOREACH(router->declared_family, const char *, n,
+    {
+      if (!(r = router_get_by_nickname(n)))
+        continue;
+      if (!r->declared_family)
+        continue;
+      SMARTLIST_FOREACH(r->declared_family, const char *, n2,
+        {
+          if (router_nickname_matches(router, n2))
+            smartlist_add(sl, r);
+        });
+    });
 }
 
 /** Given a comma-and-whitespace separated list of nicknames, see which
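Review bot: The inner `SMARTLIST_FOREACH` in `routerlist_add_family` keeps scanning after a match, so `r` is appended to `sl` once for every entry of `r->declared_family` that matches `router`; a `break;` after `smartlist_add(sl, r);` would avoid the duplicates. Family entries are resolved with `router_get_by_nickname(n)`, while the config and descriptor checks in this commit accept hex digests through `is_legal_nickname_or_hexdigest`. If that lookup does not resolve digests, such members are silently skipped and can still share a circuit, which is worth confirming. The comment's "familyhip" would read better as `/* Add every r such that router lists r as family and r lists router as family. */`.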
@@ -583,6 +600,10 @@
     crypto_free_pk_env(router->onion_pkey);
   if (router->identity_pkey)
     crypto_free_pk_env(router->identity_pkey);
+  if (router->declared_family) {
+    SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
+    smartlist_free(router->declared_family);
+  }
   exit_policy_free(router->exit_policy);
   tor_free(router);
 }
@@ -611,6 +632,11 @@
     (*e)->string = tor_strdup((*e)->string);
     e = & ((*e)->next);
   }
+  if (r->declared_family) {
+    r->declared_family = smartlist_create();
+    SMARTLIST_FOREACH(router->declared_family, const char *, s,
+                      smartlist_add(r->declared_family, tor_strdup(s)));
+  }
   return r;
 }
 
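Review bot: The guard tests `r->declared_family` while the loop reads `router->declared_family`, which is only correct if `r` was initialised as a bitwise copy of `router` earlier in the function (that part is outside the hunk). Testing the source makes the intent explicit and keeps working if the allocation of `r` changes: `if (router->declared_family) {`. A short comment such as `/* Deep-copy the family list so r owns its own strings. */` would also help, because the free path in the previous hunk releases every entry individually.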

Index: routerparse.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerparse.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -d -r1.56 -r1.57
--- routerparse.c	14 Oct 2004 04:31:40 -0000	1.56
+++ routerparse.c	15 Oct 2004 01:58:11 -0000	1.57
@@ -41,6 +41,7 @@
   K_NETWORK_STATUS,
   K_UPTIME,
   K_DIR_SIGNING_KEY,
+  K_FAMILY,
   _UNRECOGNIZED,
   _ERR,
   _EOF,
@@ -115,6 +116,7 @@
   { "network-status",      K_NETWORK_STATUS,      NO_ARGS, NO_OBJ,  DIR_ONLY },
   { "uptime",              K_UPTIME,              ARGS,    NO_OBJ,  RTR_ONLY },
   { "dir-signing-key",     K_DIR_SIGNING_KEY,     ARGS,    OBJ_OK,  DIR_ONLY },
+  { "family",              K_FAMILY,              ARGS,    NO_OBJ,  RTR_ONLY },
   { NULL, -1, NO_ARGS, NO_OBJ, ANY }
 };
 
@@ -769,6 +771,7 @@
 
   router = tor_malloc_zero(sizeof(routerinfo_t));
   router->onion_pkey = router->identity_pkey = NULL;
+  router->declared_family = NULL;
   ports_set = bw_set = 0;
 
   if (tok->n_args == 2 || tok->n_args == 5 || tok->n_args == 6) {
@@ -876,6 +879,19 @@
                       log_fn(LOG_WARN,"Error in exit policy"); goto err;}
                     );
 
+
+  if ((tok = find_first_by_keyword(tokens, K_FAMILY)) && tok->n_args) {
+    int i;
+    router->declared_family = smartlist_create();
+    for (i=0;i<tok->n_args;++i) {
+      if (!is_legal_nickname_or_hexdigest(tok->args[i])) {
+        log_fn(LOG_WARN, "Illegal nickname %s in family line", tok->args[i]);
+        goto err;
+      }
+      smartlist_add(router->declared_family, tor_strdup(tok->args[i]));
+    }
+  }
+  
   if (!(tok = find_first_by_keyword(tokens, K_ROUTER_SIGNATURE))) {
     log_fn(LOG_WARN, "Missing router signature"); goto err;
   }
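Review bot: The warning in the new family loop prints `tok->args[i]` verbatim, and that string comes from a received router descriptor and has just failed `is_legal_nickname_or_hexdigest`, so bytes chosen by a remote party are written to the log unescaped. Prefer not echoing it, e.g. `log_fn(LOG_WARN, "Illegal nickname in family line (argument %d)", i);`, or escape and length-limit the value before logging. On the `goto err` path the partially built `declared_family` must still be released; whether the error label frees `router` is outside the hunk.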


