[tor-commits] [tor/master] Remove dirauth support for the BadDirectory flag
nickm at torproject.org
nickm at torproject.org
Tue Sep 9 15:54:48 UTC 2014
commit 8099dee99234519a76580bb9ae479a878b7a45e0
Author: Sebastian Hahn <sebastian at torproject.org>
Date: Fri Sep 5 01:37:25 2014 +0200
Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
---
changes/bug13060 | 4 ++++
doc/tor.1.txt | 22 ++++------------------
src/or/config.c | 6 +++---
src/or/dirserv.c | 29 ++++-------------------------
src/or/dirvote.h | 2 +-
src/or/networkstatus.c | 2 +-
src/or/or.h | 7 +------
src/or/policies.c | 22 ----------------------
src/or/policies.h | 1 -
9 files changed, 18 insertions(+), 77 deletions(-)
diff --git a/changes/bug13060 b/changes/bug13060
new file mode 100644
index 0000000..7abc196
--- /dev/null
+++ b/changes/bug13060
@@ -0,0 +1,4 @@
+ o Removed features:
+ - Directory authorities do not support giving out the BadDirectory
+ flag anymore.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 27fc6bb..d6b1432 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1884,20 +1884,15 @@ on the public Tor network.
elements. Otherwise, if the address is not an IP address or is a private IP
address, it will reject the router descriptor. (Default: 0)
-[[AuthDirBadDir]] **AuthDirBadDir** __AddressPattern...__::
+[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
- will be listed as bad directories in any network status document this
- authority publishes, if **AuthDirListBadDirs** is set. +
+ will be listed as bad exits in any network status document this authority
+ publishes, if **AuthDirListBadExits** is set.
+
(The address pattern syntax here and in the options below
is the same as for exit policies, except that you don't need to say
"accept" or "reject", and ports are not needed.)
-[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
- Authoritative directories only. A set of address patterns for servers that
- will be listed as bad exits in any network status document this authority
- publishes, if **AuthDirListBadExits** is set.
-
[[AuthDirInvalid]] **AuthDirInvalid** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
will never be listed as "valid" in any network status document that this
@@ -1909,8 +1904,6 @@ on the public Tor network.
authority publishes, or accepted as an OR address in any descriptor
submitted for publication by this authority.
-[[AuthDirBadDirCCs]] **AuthDirBadDirCCs** __CC__,... +
-
[[AuthDirBadExitCCs]] **AuthDirBadExitCCs** __CC__,... +
[[AuthDirInvalidCCs]] **AuthDirInvalidCCs** __CC__,... +
@@ -1918,16 +1911,9 @@ on the public Tor network.
[[AuthDirRejectCCs]] **AuthDirRejectCCs** __CC__,...::
Authoritative directories only. These options contain a comma-separated
list of country codes such that any server in one of those country codes
- will be marked as a bad directory/bad exit/invalid for use, or rejected
+ will be marked as a bad exit/invalid for use, or rejected
entirely.
-[[AuthDirListBadDirs]] **AuthDirListBadDirs** **0**|**1**::
- Authoritative directories only. If set to 1, this directory has some
- opinion about which nodes are unsuitable as directory caches. (Do not set
- this to 1 unless you plan to list non-functioning directories as bad;
- otherwise, you are effectively voting in favor of every declared
- directory.)
-
[[AuthDirListBadExits]] **AuthDirListBadExits** **0**|**1**::
Authoritative directories only. If set to 1, this directory has some
opinion about which nodes are unsuitable as exit nodes. (Do not set this to
diff --git a/src/or/config.c b/src/or/config.c
index 23e8eb2..ba9c944 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -140,8 +140,8 @@ static config_var_t option_vars_[] = {
V(AlternateDirAuthority, LINELIST, NULL),
OBSOLETE("AlternateHSAuthority"),
V(AssumeReachable, BOOL, "0"),
- V(AuthDirBadDir, LINELIST, NULL),
- V(AuthDirBadDirCCs, CSV, ""),
+ OBSOLETE("AuthDirBadDir"),
+ OBSOLETE("AuthDirBadDirCCs"),
V(AuthDirBadExit, LINELIST, NULL),
V(AuthDirBadExitCCs, CSV, ""),
V(AuthDirInvalid, LINELIST, NULL),
@@ -151,7 +151,7 @@ static config_var_t option_vars_[] = {
V(AuthDirReject, LINELIST, NULL),
V(AuthDirRejectCCs, CSV, ""),
OBSOLETE("AuthDirRejectUnlisted"),
- V(AuthDirListBadDirs, BOOL, "0"),
+ OBSOLETE("AuthDirListBadDirs"),
V(AuthDirListBadExits, BOOL, "0"),
V(AuthDirMaxServersPerAddr, UINT, "2"),
V(AuthDirMaxServersPerAuthAddr,UINT, "5"),
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 3a1277d..d96867b 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -76,7 +76,7 @@ static uint32_t dirserv_get_credible_bandwidth_kb(const routerinfo_t *ri);
/* 1 Historically used to indicate Named */
#define FP_INVALID 2 /**< Believed invalid. */
#define FP_REJECT 4 /**< We will not publish this router. */
-#define FP_BADDIR 8 /**< We'll tell clients to avoid using this as a dir. */
+/* 8 Historically used to avoid using this as a dir. */
#define FP_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
/* 32 Historically used to indicade Unnamed */
@@ -209,8 +209,6 @@ dirserv_load_fingerprint_file(void)
}
if (!strcasecmp(nickname, "!reject")) {
add_status = FP_REJECT;
- } else if (!strcasecmp(nickname, "!baddir")) {
- add_status = FP_BADDIR;
} else if (!strcasecmp(nickname, "!badexit")) {
add_status = FP_BADEXIT;
} else if (!strcasecmp(nickname, "!invalid")) {
@@ -309,14 +307,6 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
*msg = "Fingerprint is marked invalid";
}
- if (authdir_policy_baddir_address(addr, or_port)) {
- if (should_log)
- log_info(LD_DIRSERV,
- "Marking '%s' as bad directory because of address '%s'",
- nickname, fmt_addr32(addr));
- result |= FP_BADDIR;
- }
-
if (authdir_policy_badexit_address(addr, or_port)) {
if (should_log)
log_info(LD_DIRSERV, "Marking '%s' as bad exit because of address '%s'",
@@ -443,7 +433,6 @@ dirserv_set_node_flags_from_authoritative_status(node_t *node,
uint32_t authstatus)
{
node->is_valid = (authstatus & FP_INVALID) ? 0 : 1;
- node->is_bad_directory = (authstatus & FP_BADDIR) ? 1 : 0;
node->is_bad_exit = (authstatus & FP_BADEXIT) ? 1 : 0;
}
@@ -694,11 +683,6 @@ directory_remove_invalid(void)
(r&FP_INVALID) ? "in" : "");
node->is_valid = (r&FP_INVALID)?0:1;
}
- if (bool_neq((r & FP_BADDIR), node->is_bad_directory)) {
- log_info(LD_DIRSERV, "Router '%s' is now a %s directory", description,
- (r & FP_BADDIR) ? "bad" : "good");
- node->is_bad_directory = (r&FP_BADDIR) ? 1: 0;
- }
if (bool_neq((r & FP_BADEXIT), node->is_bad_exit)) {
log_info(LD_DIRSERV, "Router '%s' is now a %s exit", description,
(r & FP_BADEXIT) ? "bad" : "good");
@@ -1843,10 +1827,9 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version,
goto done;
smartlist_add_asprintf(chunks,
- "s%s%s%s%s%s%s%s%s%s%s%s\n",
+ "s%s%s%s%s%s%s%s%s%s%s\n",
/* These must stay in alphabetical order. */
rs->is_authority?" Authority":"",
- rs->is_bad_directory?" BadDirectory":"",
rs->is_bad_exit?" BadExit":"",
rs->is_exit?" Exit":"",
rs->is_fast?" Fast":"",
@@ -2123,7 +2106,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
routerinfo_t *ri,
time_t now,
int listbadexits,
- int listbaddirs, int vote_on_hsdirs)
+ int vote_on_hsdirs)
{
const or_options_t *options = get_options();
uint32_t routerbw_kb = dirserv_get_credible_bandwidth_kb(ri);
@@ -2165,7 +2148,6 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
rs->is_possible_guard = 1;
}
- rs->is_bad_directory = listbaddirs && node->is_bad_directory;
rs->is_bad_exit = listbadexits && node->is_bad_exit;
node->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, node, now);
rs->is_hs_dir = vote_on_hsdirs && node->is_hs_dir;
@@ -2399,7 +2381,6 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
char identity_digest[DIGEST_LEN];
char signing_key_digest[DIGEST_LEN];
int listbadexits = options->AuthDirListBadExits;
- int listbaddirs = options->AuthDirListBadDirs;
int vote_on_hsdirs = options->VoteOnHidServDirectoriesV2;
routerlist_t *rl = router_get_routerlist();
time_t now = time(NULL);
@@ -2491,7 +2472,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
rs = &vrs->status;
set_routerstatus_from_routerinfo(rs, node, ri, now,
- listbadexits, listbaddirs,
+ listbadexits,
vote_on_hsdirs);
if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
@@ -2573,8 +2554,6 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
if (vote_on_reachability)
smartlist_add(v3_out->known_flags, tor_strdup("Running"));
- if (listbaddirs)
- smartlist_add(v3_out->known_flags, tor_strdup("BadDirectory"));
if (listbadexits)
smartlist_add(v3_out->known_flags, tor_strdup("BadExit"));
if (vote_on_hsdirs)
diff --git a/src/or/dirvote.h b/src/or/dirvote.h
index b27ce01..7fa4010 100644
--- a/src/or/dirvote.h
+++ b/src/or/dirvote.h
@@ -101,7 +101,7 @@ void set_routerstatus_from_routerinfo(routerstatus_t *rs,
node_t *node,
routerinfo_t *ri, time_t now,
int listbadexits,
- int listbaddirs, int vote_on_hsdirs);
+ int vote_on_hsdirs);
networkstatus_t *
dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
authority_cert_t *cert);
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 026b988..220faf0 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -1655,7 +1655,7 @@ networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now)
if (bridge_auth && ri->purpose == ROUTER_PURPOSE_BRIDGE)
dirserv_set_router_is_running(ri, now);
/* then generate and write out status lines for each of them */
- set_routerstatus_from_routerinfo(&rs, node, ri, now, 0, 0, 0);
+ set_routerstatus_from_routerinfo(&rs, node, ri, now, 0, 0);
smartlist_add(statuses, networkstatus_getinfo_helper_single(&rs));
} SMARTLIST_FOREACH_END(ri);
diff --git a/src/or/or.h b/src/or/or.h
index 25a8b48..6ef71e9 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3742,8 +3742,6 @@ typedef struct {
config_line_t *NodeFamilies; /**< List of config lines for
* node families */
smartlist_t *NodeFamilySets; /**< List of parsed NodeFamilies values. */
- config_line_t *AuthDirBadDir; /**< Address policy for descriptors to
- * mark as bad dir mirrors. */
config_line_t *AuthDirBadExit; /**< Address policy for descriptors to
* mark as bad exits. */
config_line_t *AuthDirReject; /**< Address policy for descriptors to
@@ -3752,19 +3750,16 @@ typedef struct {
* never mark as valid. */
/** @name AuthDir...CC
*
- * Lists of country codes to mark as BadDir, BadExit, or Invalid, or to
+ * Lists of country codes to mark as BadExit, or Invalid, or to
* reject entirely.
*
* @{
*/
- smartlist_t *AuthDirBadDirCCs;
smartlist_t *AuthDirBadExitCCs;
smartlist_t *AuthDirInvalidCCs;
smartlist_t *AuthDirRejectCCs;
/**@}*/
- int AuthDirListBadDirs; /**< True iff we should list bad dirs,
- * and vote for all other dir mirrors as good. */
int AuthDirListBadExits; /**< True iff we should list bad exits,
* and vote for all other exits as good. */
int AuthDirMaxServersPerAddr; /**< Do not permit more than this
diff --git a/src/or/policies.c b/src/or/policies.c
index adc286a..535271b 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -29,9 +29,6 @@ static smartlist_t *authdir_reject_policy = NULL;
* to be marked as valid in our networkstatus. */
static smartlist_t *authdir_invalid_policy = NULL;
/** Policy that addresses for incoming router descriptors must <b>not</b>
- * match in order to not be marked as BadDirectory. */
-static smartlist_t *authdir_baddir_policy = NULL;
-/** Policy that addresses for incoming router descriptors must <b>not</b>
* match in order to not be marked as BadExit. */
static smartlist_t *authdir_badexit_policy = NULL;
@@ -400,17 +397,6 @@ authdir_policy_valid_address(uint32_t addr, uint16_t port)
return !addr_is_in_cc_list(addr, get_options()->AuthDirInvalidCCs);
}
-/** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad dir,
- * based on <b>authdir_baddir_policy</b>. Else return 0.
- */
-int
-authdir_policy_baddir_address(uint32_t addr, uint16_t port)
-{
- if (! addr_policy_permits_address(addr, port, authdir_baddir_policy))
- return 1;
- return addr_is_in_cc_list(addr, get_options()->AuthDirBadDirCCs);
-}
-
/** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit,
* based on <b>authdir_badexit_policy</b>. Else return 0.
*/
@@ -455,9 +441,6 @@ validate_addr_policies(const or_options_t *options, char **msg)
if (parse_addr_policy(options->AuthDirInvalid, &addr_policy,
ADDR_POLICY_REJECT))
REJECT("Error in AuthDirInvalid entry.");
- if (parse_addr_policy(options->AuthDirBadDir, &addr_policy,
- ADDR_POLICY_REJECT))
- REJECT("Error in AuthDirBadDir entry.");
if (parse_addr_policy(options->AuthDirBadExit, &addr_policy,
ADDR_POLICY_REJECT))
REJECT("Error in AuthDirBadExit entry.");
@@ -535,9 +518,6 @@ policies_parse_from_options(const or_options_t *options)
if (load_policy_from_option(options->AuthDirInvalid, "AuthDirInvalid",
&authdir_invalid_policy, ADDR_POLICY_REJECT) < 0)
ret = -1;
- if (load_policy_from_option(options->AuthDirBadDir, "AuthDirBadDir",
- &authdir_baddir_policy, ADDR_POLICY_REJECT) < 0)
- ret = -1;
if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",
&authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)
ret = -1;
@@ -1766,8 +1746,6 @@ policies_free_all(void)
authdir_reject_policy = NULL;
addr_policy_list_free(authdir_invalid_policy);
authdir_invalid_policy = NULL;
- addr_policy_list_free(authdir_baddir_policy);
- authdir_baddir_policy = NULL;
addr_policy_list_free(authdir_badexit_policy);
authdir_badexit_policy = NULL;
diff --git a/src/or/policies.h b/src/or/policies.h
index 5f81912..da1feaf 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -27,7 +27,6 @@ int dir_policy_permits_address(const tor_addr_t *addr);
int socks_policy_permits_address(const tor_addr_t *addr);
int authdir_policy_permits_address(uint32_t addr, uint16_t port);
int authdir_policy_valid_address(uint32_t addr, uint16_t port);
-int authdir_policy_baddir_address(uint32_t addr, uint16_t port);
int authdir_policy_badexit_address(uint32_t addr, uint16_t port);
int validate_addr_policies(const or_options_t *options, char **msg);
More information about the tor-commits
mailing list