r9318@Kushana: nickm | 2006-10-22 15:22:57 -0400

Let directory authorities set the BadExit flag if they like. Also, refactor directory authority code so we can believe multiple things about a single router, and do fewer linear searches. svn:r8794

r9318@Kushana: nickm | 2006-10-22 15:22:57 -0400
42bab1c6 · Nick Mathewson · 833f8245 · 42bab1c6 · 42bab1c6 · 42bab1c6
Commit 42bab1c6 authored 18 years ago by Nick Mathewson
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,8 @@ Changes in version 0.1.2.3-alpha - 2006-10-??
    - Directory servers now provide 'Pragma: no-cache' and 'Expires'
      headers for content, so that we can work better in the presence of
      caching HTTP proxies.
+    - Allow authorities to list nodes as bad exits by fingerprint or by
+      address.

  o Minor features, controller:
    - Add a REASON field to CIRC events; for backward compatibility, this

--- a/doc/TODO
+++ b/doc/TODO
@@ -70,7 +70,6 @@ x - We should ship with a list of stable dir mirrors -- they're not

 N - Simplify authority operation
    - Follow weasel's proposal, crossed with mixminion dir config format
-    - Reject/invalidate by IP.

  - Servers are easy to setup and run: being a relay is about as easy as
    being a client.
@@ -279,7 +278,9 @@ d   - Write limiting; separate token bucket for write
      - Implement

 Minor items for 0.1.2.x as time permits:
-  - some way for the authorities to set BadExit for some nodes manually.
+  o Some way for the authorities to set BadExit for some nodes manually.
+  - When we export something from foo.c file for testing purposes only,
+    make a foo_test.h file for test.c to include.
  - "getinfo fingerprint" controller command
  - "setevent guards" controller command
  - The Debian package now uses --verify-config when (re)starting,

--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -779,6 +779,12 @@ option is only useful for authoritative directories, so you probably
 don't want to use it.
 .LP
 .TP
+\fBAuthDirBadExit \fR\fIAddressPattern\fR...\fP
+Authoritative directories only.  A set of address patterns for servers that
+will be listed as bad exits in any network status document this authority
+publishes, if \fBAuthDirListBadExits\fR is set.
+.LP
+.TP
 \fBAuthDirInvalid \fR\fIAddressPattern\fR...\fP
 Authoritative directories only. A set of address patterns for servers that
 will never be listed as "valid" in any network status document that this
@@ -792,6 +798,14 @@ authority publishes, or accepted as an OR address in any descriptor submitted
 for publication by this authority.
 .LP
 .TP
+\fBAuthDirListBadExits \fR\fB0\fR|\fB1\fR\fP
+Authoritative directories only.  If set to 1, this directory has
+some opinion about which nodes are unsuitable as exit nodes.  (Do not
+set this to 1 unless you plan to list nonfunctioning exits as bad;
+otherwise, you are effectively voting in favor of every declared exit
+as an exit.)
+.LP
+.TP
 \fBAuthDirRejectUnlisted \fR\fB0\fR|\fB1\fR\fP
 Authoritative directories only.  If set to 1, the directory server
 rejects all uploaded server descriptors that aren't explicitly listed

--- a/src/or/config.c
+++ b/src/or/config.c
@@ -128,9 +128,11 @@ static config_var_t _option_vars[] = {
  VAR("AllowInvalidNodes",   CSV,      AllowInvalidNodes,
                                                        "middle,rendezvous"),
  VAR("AssumeReachable",     BOOL,     AssumeReachable,      "0"),
+  VAR("AuthDirBadExit",      LINELIST, AuthDirReject,        NULL),
  VAR("AuthDirInvalid",      LINELIST, AuthDirInvalid,       NULL),
  VAR("AuthDirReject",       LINELIST, AuthDirReject,        NULL),
  VAR("AuthDirRejectUnlisted",BOOL,    AuthDirRejectUnlisted,"0"),
+  VAR("AuthDirListBadExits", BOOL,     AuthDirListBadExits,  "0"),
  VAR("AuthoritativeDirectory",BOOL,   AuthoritativeDir,     "0"),
  VAR("AvoidDiskWrites",     BOOL,     AvoidDiskWrites,      "0"),
  VAR("BandwidthBurst",      MEMUNIT,  BandwidthBurst,       "6 MB"),

--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -18,6 +18,7 @@ static addr_policy_t *socks_policy = NULL;
 static addr_policy_t *dir_policy = NULL;
 static addr_policy_t *authdir_reject_policy = NULL;
 static addr_policy_t *authdir_invalid_policy = NULL;
+static addr_policy_t *authdir_badexit_policy = NULL;

 /** Parsed addr_policy_t describing which addresses we believe we can start
 * circuits at. */
@@ -203,6 +204,15 @@ authdir_policy_valid_address(uint32_t addr, uint16_t port)
  return addr_policy_permits_address(addr, port, authdir_invalid_policy);
 }

+/** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit,
+ * based on <b>authdir_badexit_policy</b>. Else return 0.
+ */
+int
+authdir_policy_badexit_address(uint32_t addr, uint16_t port)
+{
+  return ! addr_policy_permits_address(addr, port, authdir_badexit_policy);
+}
+
 #define REJECT(arg) \
  do { *msg = tor_strdup(arg); goto err; } while (0)
 int
@@ -271,6 +281,8 @@ policies_parse_from_options(or_options_t *options)
                          &authdir_reject_policy, ADDR_POLICY_REJECT);
  load_policy_from_option(options->AuthDirInvalid,
                          &authdir_invalid_policy, ADDR_POLICY_REJECT);
+  load_policy_from_option(options->AuthDirBadExit,
+                          &authdir_badexit_policy, ADDR_POLICY_REJECT);
  parse_reachable_addresses();
 }