DirMgr: Revise error handling to better tolerate reset-able failures
- May 19, 2022
Nick Mathewson authored
-
Nick Mathewson authored
-
Nick Mathewson authored
It does nothing that Fatal does not. Suggested by @eta in review.
-
- May 17, 2022
Nick Mathewson authored
-
Nick Mathewson authored
-
Nick Mathewson authored
We no longer have separate return paths for recoverable and fatal errors; instead, they are merged, and distinguished based on recovery actions. Since it is now possible for download() to give an error that should _not_ destroy the previous state, it takes `&mut Box<dyn DirState>`. This change unfortunately means that we can no longer call `state = state.advance()`, but instead have to do some mem::swap junk with poisoned values. Any better solution would be a good thing. Additionally, the reset() and advance() methods can no longer fail. There is still a separate return path for reset-triggering errors; I'm about to fix that.
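The pattern this commit message describes, as an added sketch that is not part of the commit and not Arti's own code: `download()` borrows the state as `&mut Box<dyn DirState>`, retriable errors leave it untouched, and the by-value `advance()`/`reset()` are reached by parking a poisoned placeholder in the slot. The `Error` variants, `Fetching`, `Poisoned`, `replace_with`, `add_doc` and the input strings are hypothetical names for illustration, and `mem::replace` is used in place of the `mem::swap` the message mentions.

```rust
use std::mem;
#[derive(Debug, PartialEq)]
enum Error { Retry, NeedsReset, Fatal } // hypothetical classes, named by recovery action

// Hypothetical stand-in for `DirState`; not Arti's real trait.
trait DirState {
    fn stage(&self) -> i32 { -1 }
    fn add_doc(&mut self, _doc: &str) -> Result<(), Error> { Err(Error::Fatal) }
    fn advance(self: Box<Self>) -> Box<dyn DirState>; // consumes the state, cannot fail
    fn reset(self: Box<Self>) -> Box<dyn DirState>; // consumes the state, cannot fail
}

struct Fetching { stage: i32, have: u32 }
struct Poisoned; // parked in the slot while the real state is moved out; uses the defaults above
impl DirState for Fetching {
    fn stage(&self) -> i32 { self.stage }
    fn add_doc(&mut self, doc: &str) -> Result<(), Error> {
        // Constructed inputs standing in for download outcomes.
        if doc == "timeout" { return Err(Error::Retry); }
        if doc == "bad-signature" { return Err(Error::NeedsReset); }
        self.have += 1;
        Ok(())
    }
    fn advance(self: Box<Self>) -> Box<dyn DirState> {
        if self.have >= 2 { Box::new(Fetching { stage: self.stage + 1, have: 0 }) } else { self }
    }
    fn reset(self: Box<Self>) -> Box<dyn DirState> { Box::new(Fetching { stage: 0, have: 0 }) }
}
impl DirState for Poisoned {
    fn advance(self: Box<Self>) -> Box<dyn DirState> { self }
    fn reset(self: Box<Self>) -> Box<dyn DirState> { self }
}

// `advance`/`reset` take the state by value, so swap a Poisoned value into the slot first.
fn replace_with(slot: &mut Box<dyn DirState>, f: impl FnOnce(Box<dyn DirState>) -> Box<dyn DirState>) {
    let old = mem::replace(slot, Box::new(Poisoned));
    *slot = f(old);
}

fn download(state: &mut Box<dyn DirState>, docs: &[&str]) -> Result<(), Error> {
    for doc in docs {
        match state.add_doc(doc) {
            Ok(()) | Err(Error::Retry) => {} // retriable: previous state survives
            Err(Error::NeedsReset) => { replace_with(state, |s| s.reset()); return Err(Error::NeedsReset); }
            Err(e) => return Err(e), // fatal: stop, nothing to recover
        }
    }
    replace_with(state, |s| s.advance());
    Ok(())
}
```

If the closure passed to `replace_with` panicked, the slot would keep the `Poisoned` value, so any later use reports `Fatal` instead of acting on a half-moved state.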
-
Nick Mathewson authored
-
Nick Mathewson authored
This commit adds a couple of new error types that we will soon want to distinguish, and a new way of classifying errors. These are not yet all used.
-
- May 16, 2022
Nick Mathewson authored
-
Nick Mathewson authored
This should be sufficient to detect several kinds of nefariousness that we'd previously overlooked.
-
Nick Mathewson authored
This should have gone in when we fixed #412.
-
Nick Mathewson authored
-
Nick Mathewson authored
Previously, we did this in `advance()`, but that wasn't so great: it meant that we could fail in the advance() code, whereas the calls to `advance()` treated errors as fatal. This treats failed verification as a blocking error that requires a reset. Fixes one aspect of #439.
-
Nick Mathewson authored
Fortunately, the only error type that we need to handle blocking errors with actually has a DirSource in it already.
-
Nick Mathewson authored
(A blocking error is one that means that the current bootstrap attempt has failed, and must be restarted.)
-
Nick Mathewson authored
-
Nick Mathewson authored
Previously all errors were treated as non-fatal. The add_from_* implementations don't yet behave properly; I'll fix them in subsequent commits.
-
Nick Mathewson authored
(Also, implement Display for tor_dirclient::SourceInfo).
-
Nick Mathewson authored
Previously DocSource would tell you whether the document was from a local store or a cache server, but it wouldn't tell you _which_ server it came from. This change required adding DocSource as an argument to DirState::add_from_download.
-