arti-testing needs some kind of directory-modification mechanism
For #329 (closed), I'm trying to simulate a bunch of failure conditions on the Tor network so that we can see how well arti tolerates them. I've found that there are a number of target failure conditions that would be easier to simulate if `DirMgr` had some mechanism to modify the consensus and microdescriptors in a directory before passing them on as a `NetDir`.
For example:
- A guard that refuses all circuits can be simulated with a filter that corrupts the onion key for every guard, so that all the client's
- All relays have the wrong identity can be simulated with a filter that changes relay identities.
- No circuit supports desired path can be simulated with a filter that removes port 443 from every exit policy.
With that in mind, I'm wondering the best way to build this. Some approaches:
- I could write a new `DirProvider` implementation (see !318 (merged)) from scratch, with filtering support. A lot of work, not a great idea.
- I could try to write a new `DirProvider` implementation that wraps the existing DirMgr, and postprocesses the `NetDir` before passing it on. That's a bit tricky, though, since `NetDir` is intentionally immutable, and not really designed for creating a new NetDir based on an old one.
- I could add some mechanism to `DirMgr` (probably optional and feature-gated) to install a filter on consensus objects and individual microdescs before building a netdir out of them. This is how I'm leaning, but I'm wondering what you think.
In addition to those options, I need some way to actually modify the MdConsensus or UnverifiedConsensus, and some way to modify Microdescs after they're made. Options are:
- Implement `From<FOO>` for `FOOBuilder` for these types. (There are already optional `MdConsensusBuilder` and `MicrodescBuilder` objects for testing.) This is the way I'm leaning.
- Add a set of `set_foo()` functions to the base types for these objects.
If this seems plausible, I'll go ahead with it.
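
A minimal sketch of the filter-before-build approach combined with the `From<FOO>` for `FOOBuilder` option, added here as an illustration and not arti's own code. `Microdesc`, `MicrodescBuilder`, `MdFilter`, `DropPort` and `build_dir` are simplified, hypothetical stand-ins, and the exit policy is reduced to a plain port list.

```rust
// Simplified stand-ins for this sketch; these are NOT arti's real types.
#[derive(Clone, Debug, PartialEq)]
pub struct Microdesc { onion_key: [u8; 32], exit_ports: Vec<u16> } // toy exit policy
pub struct MicrodescBuilder { onion_key: [u8; 32], exit_ports: Vec<u16> }

// `From<FOO> for FOOBuilder`: reopen an immutable object for editing.
impl From<Microdesc> for MicrodescBuilder {
    fn from(md: Microdesc) -> Self {
        MicrodescBuilder { onion_key: md.onion_key, exit_ports: md.exit_ports }
    }
}
impl MicrodescBuilder {
    pub fn exit_ports(mut self, ports: Vec<u16>) -> Self { self.exit_ports = ports; self }
    pub fn build(self) -> Microdesc {
        Microdesc { onion_key: self.onion_key, exit_ports: self.exit_ports }
    }
}

// Hypothetical hook run on each microdesc before the directory is assembled.
pub trait MdFilter { fn filter_md(&self, md: Microdesc) -> Microdesc; }

// Simulates "no circuit supports desired path" by dropping one port everywhere.
pub struct DropPort(pub u16);
impl MdFilter for DropPort {
    fn filter_md(&self, md: Microdesc) -> Microdesc {
        let kept: Vec<u16> = md.exit_ports.iter().copied().filter(|p| *p != self.0).collect();
        MicrodescBuilder::from(md).exit_ports(kept).build()
    }
}

// Stand-in for the directory build step: filter first, then freeze the result.
pub fn build_dir(mds: Vec<Microdesc>, filter: Option<&dyn MdFilter>) -> Vec<Microdesc> {
    mds.into_iter()
        .map(|md| match filter { Some(f) => f.filter_md(md), None => md })
        .collect()
}

// Constructed sample input.
pub fn sample() -> Vec<Microdesc> {
    vec![
        Microdesc { onion_key: [1; 32], exit_ports: vec![80, 443] },
        Microdesc { onion_key: [2; 32], exit_ports: vec![443] },
    ]
}

fn main() {
    let dir = build_dir(sample(), Some(&DropPort(443)));
    println!("{:?}", dir);
}
```

The filter never mutates a finished object: it converts to the builder, edits, and rebuilds, so the directory type itself can stay immutable.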