[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Add an AssumeReachableIPv6 autobool option.



commit edb023b1e74dd3b900af399126bd985fc4064857
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Jun 24 15:12:57 2020 -0400

    Add an AssumeReachableIPv6 autobool option.
    
    This option tells Tor that our IPv6 orport is reachable, and doesn't
    need to be checked.
    
    Closes the rest of 33224.
---
 changes/ticket33224            |  3 +++
 doc/tor.1.txt                  |  7 ++++++-
 src/app/config/config.c        |  5 +++++
 src/app/config/or_options_st.h |  9 ++++++++-
 src/feature/relay/router.c     |  4 ++--
 src/feature/relay/selftest.c   | 12 ++++++++----
 6 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/changes/ticket33224 b/changes/ticket33224
new file mode 100644
index 000000000..3fdab7dc5
--- /dev/null
+++ b/changes/ticket33224
@@ -0,0 +1,3 @@
+  o Minor features (relay, IPv6):
+    - Add an AssumeReachableIPv6 option to disable self-checking IPv6
+      reachability. Closes part of ticket 33224.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 15d5775e2..7ff31fa00 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2146,7 +2146,12 @@ is non-zero):
     don't do self-reachability testing; just upload your server descriptor
     immediately. If **AuthoritativeDirectory** is also set, this option
     instructs the dirserver to bypass remote reachability testing too and list
-    all connected servers as running.
+    all connected servers as running. (Default: 0)
+
+[[AssumeReachableIPv6]] **AssumeReachableIPv6** **0**|**1**|**auto**::
+    Like **AssumeReachable**, but affects only the relay's own IPv6 ORPort.
+    If this value is set to "auto", then Tor will look at **AssumeReachable**
+    instead. (Default: auto)
 
 [[BridgeRelay]] **BridgeRelay** **0**|**1**::
     Sets the relay to act as a "bridge" with respect to relaying connections
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 286cd9304..7878fa9de 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -323,6 +323,7 @@ static const config_var_t option_vars_[] = {
   V(AlternateDirAuthority,       LINELIST, NULL),
   OBSOLETE("AlternateHSAuthority"),
   V(AssumeReachable,             BOOL,     "0"),
+  V(AssumeReachableIPv6,         AUTOBOOL, "auto"),
   OBSOLETE("AuthDirBadDir"),
   OBSOLETE("AuthDirBadDirCCs"),
   V(AuthDirBadExit,              LINELIST, NULL),
@@ -3229,6 +3230,10 @@ options_validate_cb(const void *old_options_, void *options_, char **msg)
     REJECT("TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
   }
 
+  if (options->AssumeReachable && options->AssumeReachableIPv6 == 0) {
+    REJECT("Cannot set AssumeReachable 1 and AssumeReachableIPv6 0.");
+  }
+
   if (options->ExcludeExitNodes || options->ExcludeNodes) {
     options->ExcludeExitNodesUnion_ = routerset_new();
     routerset_union(options->ExcludeExitNodesUnion_,options->ExcludeExitNodes);
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 2f375f5d9..07126cc6c 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -195,7 +195,14 @@ struct or_options_t {
   unsigned int HTTPTunnelPort_set : 1;
   /**@}*/
 
-  int AssumeReachable; /**< Whether to publish our descriptor regardless. */
+  /** Whether to publish our descriptor regardless of all our self-tests
+   */
+  int AssumeReachable;
+  /** Whether to publish our descriptor regardless of IPv6 self-tests.
+   *
+   * This is an autobool; when set to AUTO, it uses AssumeReachable.
+   **/
+  int AssumeReachableIPv6;
   int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
   int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
                            * for version 3 directories? */
diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 97b630add..d32d03fc1 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -1374,13 +1374,13 @@ decide_if_publishable_server(void)
     return 1;
   if (!router_get_advertised_or_port(options))
     return 0;
-  if (!router_orport_seems_reachable(AF_INET)) {
+  if (!router_orport_seems_reachable(options, AF_INET)) {
     // We have an ipv4 orport, and it doesn't seem reachable.
     if (!publish_even_when_ipv4_orport_unreachable) {
       return 0;
     }
   }
-  if (!router_orport_seems_reachable(AF_INET6)) {
+  if (!router_orport_seems_reachable(options, AF_INET6)) {
     // We have an ipv6 orport, and it doesn't seem reachable.
     if (!publish_even_when_ipv6_orport_unreachable) {
       return 0;
diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c
index 64b8578ba..ae24a0440 100644
--- a/src/feature/relay/selftest.c
+++ b/src/feature/relay/selftest.c
@@ -86,9 +86,8 @@ router_reachability_checks_disabled(const or_options_t *options)
  * orport checks.
  */
 int
-router_orport_seems_reachable(
-                                                const or_options_t *options,
-                                                int family)
+router_orport_seems_reachable(const or_options_t *options,
+                              int family)
 {
   tor_assert_nonfatal(family == AF_INET || family == AF_INET6 || family == 0);
   int reach_checks_disabled = router_reachability_checks_disabled(options);
@@ -96,6 +95,11 @@ router_orport_seems_reachable(
     return true;
   }
 
+  // Note that we do a == 1 here, not just a boolean check.  This value
+  // is also an autobool, so CFG_AUTO does not mean that we should
+  // assume IPv6 ports are reachable.
+  const bool ipv6_assume_reachable = (options->AssumeReachableIPv6 == 1);
+
   // Which reachability flags should we look at?
   const bool checking_ipv4 = (family == AF_INET || family == 0);
   const bool checking_ipv6 = (family == AF_INET6 || family == 0);
@@ -105,7 +109,7 @@ router_orport_seems_reachable(
       return false;
     }
   }
-  if (checking_ipv6) {
+  if (checking_ipv6 && !ipv6_assume_reachable) {
     if (have_orport_for_family(AF_INET6) && !can_reach_or_port_ipv6) {
       return false;
     }



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits