Ticket #2355: tor-strict_bridges.patch

File tor-strict_bridges.patch, 15.9 KB (added by anonym, 8 years ago)

Makes UseBridges a tristate, Tor can start in an idle state awaiting bridges, and bridge settings are followed more strictly.

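--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -3294,9 +3294,10 @@
     *reason = "unlisted";
   else if (!ri->is_running)
     *reason = "down";
-  else if (options->UseBridges && ri->purpose != ROUTER_PURPOSE_BRIDGE)
+  else if (options->EffectiveUseBridges &&
+           ri->purpose != ROUTER_PURPOSE_BRIDGE)
     *reason = "not a bridge";
-  else if (!options->UseBridges && !ri->is_possible_guard &&
+  else if (!options->EffectiveUseBridges && !ri->is_possible_guard &&
            !routerset_contains_router(options->EntryNodes,ri))
     *reason = "not recommended as a guard";
   else if (routerset_contains_router(options->ExcludeNodes, ri))
@@ -3380,11 +3381,13 @@
     *msg = "no descriptor";
     return NULL;
   }
-  if (get_options()->UseBridges && r->purpose != ROUTER_PURPOSE_BRIDGE) {
+  if (options->EffectiveUseBridges &&
+      r->purpose != ROUTER_PURPOSE_BRIDGE) {
     *msg = "not a bridge";
     return NULL;
   }
-  if (!get_options()->UseBridges && r->purpose != ROUTER_PURPOSE_GENERAL) {
+  if (!options->EffectiveUseBridges &&
+      r->purpose != ROUTER_PURPOSE_GENERAL) {
     *msg = "not general-purpose";
     return NULL;
   }
@@ -3954,7 +3957,7 @@
 {
   if (options->EntryNodes)
     return 1;
-  if (options->UseBridges)
+  if (options->EffectiveUseBridges)
     return 1;
   return 0;
 }
@@ -3966,7 +3969,7 @@
 {
   if (options->EntryNodes && options->StrictNodes)
     return 1;
-  if (options->UseBridges)
+  if (options->EffectiveUseBridges)
     return 1;
   return 0;
 }
@@ -4009,11 +4012,16 @@
   SMARTLIST_FOREACH(entry_guards, entry_guard_t *, entry,
     {
       const char *msg;
-      r = entry_is_live(entry, need_uptime, need_capacity, 0, &msg);
+      int assmume_reachable =  options->EffectiveUseBridges ? 1 : 0;
+      r = entry_is_live(entry, need_uptime, need_capacity,
+                        assmume_reachable, &msg);
       if (!r)
         continue; /* down, no point */
       if (consider_exit_family && smartlist_isin(exit_family, r))
         continue; /* avoid relays that are family members of our exit */
+      if (options->EffectiveUseBridges &&
+          !routerinfo_is_a_configured_bridge(r))
+        continue; /* if we're using bridges we ignore all other entries */
       if (options->EntryNodes &&
           !routerset_contains_router(options->EntryNodes, r)) {
         /* We've come to the end of our preferred entry nodes. */
@@ -4603,7 +4611,7 @@
 {
   tor_assert(ri);
   tor_assert(ri->purpose == ROUTER_PURPOSE_BRIDGE);
-  if (get_options()->UseBridges) {
+  if (get_options()->EffectiveUseBridges) {
     int first = !any_bridge_descriptors_known();
     bridge_info_t *bridge = get_configured_bridge_by_routerinfo(ri);
     time_t now = time(NULL);
@@ -4627,8 +4635,9 @@
   }
 }
 
-/** Return 1 if any of our entry guards have descriptors that
- * are marked with purpose 'bridge' and are running. Else return 0.
+/** Return 1 if any of our entry guards are configured bridges, have
+ * descriptors that are marked with purpose 'bridge' and are running.
+ * Else return 0.
  *
  * We use this function to decide if we're ready to start building
  * circuits through our bridges, or if we need to wait until the
@@ -4636,8 +4645,19 @@
 int
 any_bridge_descriptors_known(void)
 {
-  tor_assert(get_options()->UseBridges);
-  return choose_random_entry(NULL)!=NULL ? 1 : 0;
+  routerinfo_t *r;
+  tor_assert(get_options()->EffectiveUseBridges);
+
+  SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, entry)
+  {
+    const char *msg;
+    r = entry_is_live(entry, 0, 0, 0, &msg);
+    if (r && routerinfo_is_a_configured_bridge(r))
+      return 1;
+  }
+  SMARTLIST_FOREACH_END(entry);
+
+  return 0;
 }
 
 /** Return 1 if there are any directory conns fetching bridge descriptors
@@ -4671,7 +4691,7 @@
   routerinfo_t *ri;
   int any_known = 0;
   int any_running = 0;
-  int purpose = options->UseBridges ?
+  int purpose = options->EffectiveUseBridges ?
                   ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL;
   if (!entry_guards)
     entry_guards = smartlist_create();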
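Review bot: The rewritten any_bridge_descriptors_known() (new lines 4648–4660) walks entry_guards with SMARTLIST_FOREACH_BEGIN without first checking that the list exists, whereas the removed code delegated to choose_random_entry(NULL); the `if (!entry_guards)` guard visible at new line 4696 suggests the list can still be NULL. The main.c part of this patch calls this function from the circuit-building check whenever bridges are in effect, so a NULL list would likely become a crash in exactly the "idle, awaiting bridges" state the patch introduces. Adding `if (!entry_guards) return 0;` right after the tor_assert closes that path. Separately, this loop passes 0 as the fourth argument of entry_is_live() while the choose_random_entry hunk passes 1 when bridges are in use (via `assmume_reachable`, which is also misspelled), so the two can disagree about whether a usable bridge exists.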
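--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1233,9 +1233,10 @@
         log_fn(severity, LD_APP|LD_DIR,
                "Application request when we haven't used client functionality "
                "lately. Optimistically trying known %s again.",
-               options->UseBridges ? "bridges" : "entrynodes");
+               options->EffectiveUseBridges ? "bridges" : "entrynodes");
         entries_retry_all(options);
-      } else if (!options->UseBridges || any_bridge_descriptors_known()) {
+      } else if (!options->EffectiveUseBridges ||
+                 any_bridge_descriptors_known()) {
         log_fn(severity, LD_APP|LD_DIR,
                "Application request when we haven't used client functionality "
                "lately. Optimistically trying directory fetches again.");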
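--- a/src/or/config.c
+++ b/src/or/config.c
@@ -366,7 +366,7 @@
   V(TransPort,                   UINT,     "0"),
   V(TunnelDirConns,              BOOL,     "1"),
   V(UpdateBridgesFromAuthority,  BOOL,     "0"),
-  V(UseBridges,                  BOOL,     "0"),
+  V(UseBridges,                  STRING,   "auto"),
   V(UseEntryGuards,              BOOL,     "1"),
   V(User,                        STRING,   NULL),
   VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
@@ -1146,6 +1146,7 @@
 {
   config_line_t *cl;
   or_options_t *options = get_options();
+  int configured_bridges_changed = 0;
   int running_tor = options->command == CMD_RUN_TOR;
   char *msg;
 
@@ -1157,7 +1158,10 @@
   if (consider_adding_dir_authorities(options, old_options) < 0)
     return -1;
 
-  if (options->Bridges) {
+  if ((!old_options && options->Bridges) ||
+      (old_options && !config_lines_eq(options->Bridges,
+                                       old_options->Bridges))) {
+    configured_bridges_changed = 1;
     clear_bridge_list();
     for (cl = options->Bridges; cl; cl = cl->next) {
       if (parse_bridge_line(cl->value, 0)<0) {
@@ -1245,6 +1249,21 @@
     return -1;
   }
 
+  /* parse UseBridges tristate */
+  if (!strcmp(options->UseBridges, "0"))
+    options->EffectiveUseBridges = 0;
+  else if (!strcmp(options->UseBridges, "1"))
+    options->EffectiveUseBridges = 1;
+  else if (!strcmp(options->UseBridges, "auto")) {
+    if (!options->Bridges || server_mode(options))
+      options->EffectiveUseBridges = 0;
+    else
+      options->EffectiveUseBridges = 1;
+  } else {
+    /* Should have caught this in options_validate */
+    return -1;
+  }
+
   /* Change the cell EWMA settings */
   cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());
 
@@ -1260,10 +1279,14 @@
          !routerset_equal(old_options->EntryNodes, options->EntryNodes)) ||
         (options->ExitNodes &&
          !routerset_equal(old_options->ExitNodes, options->ExitNodes)) ||
-        options->StrictNodes != old_options->StrictNodes) {
+        options->StrictNodes != old_options->StrictNodes ||
+        !bool_eq(options->EffectiveUseBridges,
+                 old_options->EffectiveUseBridges) ||
+        configured_bridges_changed) {
       log_info(LD_CIRC,
-               "Changed to using entry guards, or changed preferred or "
-               "excluded node lists. Abandoning previous circuits.");
+               "Changed to using entry guards, changed bridge settings, or "
+               "changed preferred or excluded node lists. Abandoning "
+               "previous circuits.");
       circuit_mark_all_unused_circs();
       circuit_expire_all_dirty_circs();
     }
@@ -1429,6 +1452,13 @@
     }
   }
 
+  /* Fetch bridge descriptors for any new bridges we've configured. */
+  if (options->EffectiveUseBridges && configured_bridges_changed) {
+    log_info(LD_CONFIG, "New bridges configured, "
+                        "fetching bridge descriptors.");
+    schedule_early_descriptor_refetch();
+  }
+
   /* Load the webpage we're going to serve every time someone asks for '/' on
      our DirPort. */
   tor_free(global_dirfrontpagecontents);
@@ -3008,6 +3038,12 @@
     REJECT("RefuseUnknownExits must be 0, 1, or auto");
   }
 
+  if (strcmp(options->UseBridges, "0") &&
+      strcmp(options->UseBridges, "1") &&
+      strcmp(options->UseBridges, "auto")) {
+    REJECT("UseBridges must be 0, 1, or auto");
+  }
+
 #ifndef MS_WINDOWS
   if (options->RunAsDaemon && torrc_fname && path_is_relative(torrc_fname))
     REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
@@ -3227,10 +3263,10 @@
            "of the Internet, so they must not set Reachable*Addresses "
            "or FascistFirewall.");
 
-  if (options->UseBridges &&
+  if (!strcmp(options->UseBridges, "1") &&
       server_mode(options))
     REJECT("Servers must be able to freely connect to the rest "
-           "of the Internet, so they must not set UseBridges.");
+           "of the Internet, so they must not set UseBridges to 1.");
 
   options->_AllowInvalid = 0;
   if (options->AllowInvalidNodes) {
@@ -3544,10 +3580,8 @@
   if (validate_dir_authorities(options, old_options) < 0)
     REJECT("Directory authority line did not parse. See logs for details.");
 
-  if (options->UseBridges && !options->Bridges)
-    REJECT("If you set UseBridges, you must specify at least one bridge.");
-  if (options->UseBridges && !options->TunnelDirConns)
-    REJECT("If you set UseBridges, you must set TunnelDirConns.");
+  if (strcmp(options->UseBridges, "0") && !options->TunnelDirConns)
+    REJECT("TunnelDirConns set to 0 only works with UseBridges set to 0.");
   if (options->Bridges) {
     for (cl = options->Bridges; cl; cl = cl->next) {
       if (parse_bridge_line(cl->value, 1)<0)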
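Review bot: The new TunnelDirConns check at new line 3583 tests `strcmp(options->UseBridges, "0")`, so it also fires for the new default "auto" even when no Bridge lines are configured and bridges will never be in effect; a client torrc with `TunnelDirConns 0` that validated before this patch is now rejected. Testing the condition under which bridges actually take effect keeps the strict rule for bridge users without that regression, e.g. `if (!options->TunnelDirConns && (!strcmp(options->UseBridges, "1") || (!strcmp(options->UseBridges, "auto") && options->Bridges && !server_mode(options))))`. That is the same decision the tristate block at new lines 1252–1265 makes, so a small helper shared by both places would keep validation and EffectiveUseBridges from drifting apart. The enclosing functions start and end outside these hunks.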
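--- a/src/or/control.c
+++ b/src/or/control.c
@@ -3940,7 +3940,7 @@
   if (reason == END_OR_CONN_REASON_NO_ROUTE)
     recommendation = "warn";
 
-  if (get_options()->UseBridges &&
+  if (get_options()->EffectiveUseBridges &&
       !any_bridge_descriptors_known() &&
       !any_pending_bridge_descriptor_fetches())
     recommendation = "warn";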
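--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -370,7 +370,7 @@
     return;
 
   if (!get_via_tor) {
-    if (options->UseBridges && type != BRIDGE_AUTHORITY) {
+    if (options->EffectiveUseBridges && type != BRIDGE_AUTHORITY) {
       /* want to ask a running bridge for which we have a descriptor. */
       /* XXX022 we assume that all of our bridges can answer any
        * possible directory question. This won't be true forever. -RD */
@@ -1829,7 +1829,7 @@
     if (which || (conn->requested_resource &&
                   (!strcmpstart(conn->requested_resource, "all") ||
                    (!strcmpstart(conn->requested_resource, "authority") &&
-                    get_options()->UseBridges)))) {
+                    get_options()->EffectiveUseBridges)))) {
       /* as we learn from them, we remove them from 'which' */
       if (was_ei) {
         router_load_extrainfo_from_string(body, NULL, SAVED_NOWHERE, which,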
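--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1196,7 +1196,7 @@
 int
 directory_fetches_dir_info_later(or_options_t *options)
 {
-  return options->UseBridges != 0;
+  return options->EffectiveUseBridges != 0;
 }
 
 /** Return 1 if we want to cache v2 dir info (each status file).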
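--- a/src/or/main.c
+++ b/src/or/main.c
@@ -849,6 +849,18 @@
   signewnym_is_pending = 0;
 }
 
+/** True iff we should retry fetching descriptors earlier than scheduled.
+ */
+static int early_descriptor_refetch = 0;
+
+/** Reschedule a descriptor refetch to be done as soon as possible.
+  */
+void
+schedule_early_descriptor_refetch(void)
+{
+  early_descriptor_refetch = 1;
+}
+
 /** Perform regular maintenance tasks.  This function gets run once per
  * second by second_elapsed_callback().
  */
@@ -912,10 +924,12 @@
       router_upload_dir_desc_to_dirservers(0);
   }
 
-  if (time_to_try_getting_descriptors < now) {
+  if (time_to_try_getting_descriptors < now ||
+      early_descriptor_refetch) {
+    early_descriptor_refetch = 0;
     update_router_descriptor_downloads(now);
     update_extrainfo_downloads(now);
-    if (options->UseBridges)
+    if (options->EffectiveUseBridges)
       fetch_bridge_descriptors(options, now);
     if (router_have_minimum_dir_info())
       time_to_try_getting_descriptors = now + LAZY_DESCRIPTOR_RETRY_INTERVAL;
@@ -1172,7 +1186,8 @@
    *    and we make a new circ if there are no clean circuits.
    */
   have_dir_info = router_have_minimum_dir_info();
-  if (have_dir_info && !we_are_hibernating())
+  if (have_dir_info && !we_are_hibernating() &&
+      (!options->EffectiveUseBridges || any_bridge_descriptors_known()))
     circuit_build_needed_circs(now);
 
   /* every 10 seconds, but not at the same second as other such events */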
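--- a/src/or/main.h
+++ b/src/or/main.h
@@ -41,6 +41,8 @@
 void directory_all_unreachable(time_t now);
 void directory_info_has_arrived(time_t now, int from_cache);
 
+void schedule_early_descriptor_refetch(void);
+
 void ip_address_changed(int at_interface);
 void dns_servers_relaunch_checks(void);
 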
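--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -1341,7 +1341,7 @@
 int
 should_delay_dir_fetches(or_options_t *options)
 {
-  if (options->UseBridges && !any_bridge_descriptors_known()) {
+  if (options->EffectiveUseBridges && !any_bridge_descriptors_known()) {
     log_info(LD_DIR, "delaying dir fetches (no running bridges known)");
     return 1;
   }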
  • tor-0.2.2.22-alpha

    diff -Naur tor-0.2.2.22-alpha.old/src/or/or.h tor-0.2.2.22-alpha/src/or/or.h
    old new  
    24352435   * when doing so. */
    24362436  char *BridgePassword;
    24372437
    2438   int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
     2438  /**< Whether we should start all circuits with a bridge. "1" means strictly
     2439   *  yes, 0 means stricly no, and "auto" means that we do iff any bridges
     2440   *  are configured and we are not running a server. */
     2441  char *UseBridges;
     2442  /**< Effective value of UseBridges. Will be set equally (but as an integer)
     2443   *  for UseBriges set to "1" or "0", but for "auto" it will be set to 1 iff
     2444   *  any bridges are configured and we are not running a server. */
     2445  int EffectiveUseBridges;
    24392446  config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
    24402447
    24412448  int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make