arti-testing needs some kind of directory-modification mechanism
For #329 (closed), I'm trying to simulate a bunch of failure conditions on the Tor network so that we can see how well arti tolerates them. I've found that there are a number of target failure conditions that would be easier to simulate if
DirMgr had some mechanism to modify the consensus and microdescriptors in a directory before passing them on as a
- A guard that refuses all circuits can be simulated with a filter that corrupts the onion key for every guard, so that all the client's
- All relays have the wrong identity can be simulated with a filter that changes relay identites.
- No circuit supports desired path can be simulated with a filter that removes port 443 from every exit policy.
With that in mind, I'm wondering the best way to build this. Some approaches:
- I could write a new
DirProviderimplementation (see !318 (merged)) from scratch, with filtering support. A lot of work, not a great idea.
- I could try to write a new
DirProviderimplementation that wraps the existing DirMgr, and posprocesses the
NetDirbefore passing it on. That's a bit tricky, though, since
NetDiris intentionally immutable, and not really designed for creating a new NetDir based on an old one.
- I could add some mechanism to
DirMgr(probably optional and feature-gated) to install a filter on consensus objects and individual microdescs before building a netdir out of them. This is how I'm leaning, but I'm wondering what you think.
In addition to those options, I need some way to actually modify the MdConsensus or UnverifiedConsensus, and some way to modify Microdescs after they're made. Options are:
FOOBuilderfor these types. (There are already optional
MicrodescBuilderobjects for testing.) This is the way I'm leaning.
- Add a set of
set_foo()functions to the base types for these objects.
If this seems plausible, I'll go ahead with it.