[tor-commits] [tor/maint-0.2.4] Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests
nickm at torproject.org
nickm at torproject.org
Mon Mar 11 03:03:13 UTC 2013
commit e4614d30e58007be1d44613d039891b6f131f50f
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Nov 28 11:09:37 2012 -0500
Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests
I have no idea whether b0rken clients will DoS the network if the v2
authorities all turn this on or not. It's experimental. See #6783 for
a description of how to test it more or less safely, and please be
careful!
---
changes/6783_big_hammer | 6 ++++++
src/or/config.c | 1 +
src/or/directory.c | 13 +++++++++++++
src/or/or.h | 10 ++++++++++
4 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/changes/6783_big_hammer b/changes/6783_big_hammer
new file mode 100644
index 0000000..2ff3249
--- /dev/null
+++ b/changes/6783_big_hammer
@@ -0,0 +1,6 @@
+ o Major features (deprecation):
+ - There's now a "DisableV2DirectoryInfo_" option that prevents us
+ from serving any directory requests for v2 directory information.
+ This is for us to test disabling the old deprecated V2 directory
+ format, so that we can see whether doing so has any effect on
+ network load. Part of a fix for bug 6783.
diff --git a/src/or/config.c b/src/or/config.c
index f888426..7e020b8 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -213,6 +213,7 @@ static config_var_t option_vars_[] = {
V(DisableAllSwap, BOOL, "0"),
V(DisableDebuggerAttachment, BOOL, "1"),
V(DisableIOCP, BOOL, "1"),
+ V(DisableV2DirectoryInfo_, BOOL, "1"),
V(DynamicDHGroups, BOOL, "0"),
VPORT(DNSPort, LINELIST, NULL),
V(DNSListenAddress, LINELIST, NULL),
diff --git a/src/or/directory.c b/src/or/directory.c
index 6b61fc6..38a423c 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -2805,6 +2805,19 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
const char *key = url + strlen("/tor/status/");
long lifetime = NETWORKSTATUS_CACHE_LIFETIME;
+ if (options->DisableV2DirectoryInfo_ && !is_v3) {
+ static ratelim_t reject_v2_ratelim = RATELIM_INIT(1800);
+ char *m;
+ write_http_status_line(conn, 404, "Not found");
+ smartlist_free(dir_fps);
+ geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND);
+ if ((m = rate_limit_log(&reject_v2_ratelim, approx_time()))) {
+ log_notice(LD_DIR, "Rejected a v2 networkstatus request.%s", m);
+ tor_free(m);
+ }
+ goto done;
+ }
+
if (!is_v3) {
dirserv_get_networkstatus_v2_fingerprints(dir_fps, key);
if (!strcmpstart(key, "fp/"))
diff --git a/src/or/or.h b/src/or/or.h
index 45eb467..0f5dbd6 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3999,6 +3999,16 @@ typedef struct {
/** Fraction: */
double PathsNeededToBuildCircuits;
+
+ /** Do we serve v2 directory info at all? This is a temporary option, since
+ * we'd like to disable v2 directory serving entirely, but we need a way to
+ * make it temporarily disableable, in order to do fast testing and be
+ * able to turn it back on if it turns out to be non-workable.
+ *
+ * XXXX024 Don't actually leave this in.
+ */
+ int DisableV2DirectoryInfo_;
+
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
More information about the tor-commits
mailing list