Commit 6d9113d2 authored by David Goulet's avatar David Goulet 🆘
Browse files

dirauth: Resume sending 503 directory error code

Authorities were never sending back 503 error code because by design they
should be able to always answer directory requests regardless of bandwidth

However, that recently backfired because of a large number of requests from
unknown source using the DirPort that are _not_ getting their 503 code which
overloaded the DirPort leading to the authority to be unable to answer to its
fellow authorities.

This is not a complete solution to the problem but it will help ease off the
load on the authority side by sending back 503 codes *unless* the connection
is from a known relay or an authority.

Fixes #33029
Signed-off-by: David Goulet's avatarDavid Goulet <>
parent 735aa208
o Major bugfixes (directory authority):
- Directory authorities will now send a 503 (not enough bandwidth) code to
clients when under bandwidth pressure. Known relays and other authorities
will always be answered regardless of the bandwidth situation. Fixes bug
33029; bugfix on
......@@ -3211,8 +3211,21 @@ connection_dir_is_global_write_low(const connection_t *conn, size_t attempt)
size_t smaller_bucket =
if (authdir_mode(get_options()))
return false; /* there's always room to answer v2 if we're an auth dir */
/* Special case for authorities (directory only). */
if (authdir_mode_v3(get_options())) {
/* Are we configured to possibly reject requests under load? */
if (!get_options()->AuthDirRejectRequestsUnderLoad) {
/* Answer request no matter what. */
return false;
/* Always answer requests from a known relay which includes the other
* authorities. The following looks up the addresses for relays that we
* have their descriptor _and_ any configured trusted directories. */
if (nodelist_probably_contains_address(&conn->addr)) {
return false;
if (!connection_is_rate_limited(conn))
return false; /* local conns don't get limited */
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment