[tor-commits] [tor/release-0.4.5] Merge branch 'maint-0.3.5' into maint-0.4.5
commit 47adba879ca215ef1cd5abae93a32e17063eccb2
Merge: 40e2106031 439e17180c
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date: Fri Nov 5 10:35:08 2021 -0400
Merge branch 'maint-0.3.5' into maint-0.4.5
src/core/or/protover.c | 113 +++++++++++++++++++++++++++++++++++++++++-
src/core/or/protover.h | 4 ++
src/feature/dirauth/dirvote.c | 12 ++---
3 files changed, 121 insertions(+), 8 deletions(-)
diff --cc src/core/or/protover.c
index aa96cafff9,82e4f64c94..8b307a8a2f
--- a/src/core/or/protover.c
+++ b/src/core/or/protover.c
@@@ -390,11 -387,38 +395,43 @@@ protocol_list_supports_protocol_or_late
const char *
protover_get_supported_protocols(void)
{
+ /* WARNING!
+ *
+ * Remember to edit the SUPPORTED_PROTOCOLS list in protover.rs if you
+ * are editing this list.
+ */
+
+ /*
+ * XXX: WARNING!
+ *
+ * Be EXTREMELY CAREFUL when *removing* versions from this list. If you
+ * remove an entry while it still appears as "recommended" in the consensus,
+ * you'll cause all the instances without it to warn.
+ *
+ * If you remove an entry while it still appears as "required" in the
+ * consensus, you'll cause all the instances without it to refuse to connect
+ * to the network, and shut down.
+ *
+ * If you need to remove a version from this list, you need to make sure that
+ * it is not listed in the _current consensuses_: just removing it from the
+ * required list below is NOT ENOUGH. You need to remove it from the
+ * required list, and THEN let the authorities upgrade and vote on new
+ * consensuses without it. Only once those consensuses are out is it safe to
+ * remove from this list.
+ *
+ * One concrete example of a very dangerous race that could occur:
+ *
+ * Suppose that the client supports protocols "HsDir=1-2" and the consensus
+ * requires protocols "HsDir=1-2. If the client supported protocol list is
+ * then changed to "HSDir=2", while the consensus stills lists "HSDir=1-2",
+ * then these clients, even very recent ones, will shut down because they
+ * don't support "HSDir=1".
+ *
+ * And so, changes need to be done in strict sequence as described above.
+ *
+ * XXX: WARNING!
+ */
+
return
"Cons=1-2 "
"Desc=1-2 "
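Review bot: The race example in the new warning comment spells the protocol "HsDir" twice and "HSDir" three times, and the string "HsDir=1-2. is missing its closing quote. The example is about exact matching against what the consensus lists, so it should use one spelling ("HSDir", as in the lists returned further down in this file) and close the quote; "stills lists" should read "still lists". Separately, the first warning depends on someone remembering to mirror edits in protover.rs; a test that compares the two supported lists would turn that reminder into a check.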
@@@ -410,10 -433,83 +447,84 @@@
"LinkAuth=3 "
#endif
"Microdesc=1-2 "
- "Relay=1-2";
+ "Padding=2 "
+ "Relay=1-3";
}
+ /*
+ * XXX: WARNING!
+ *
+ * The recommended and required values are hardwired, to avoid disaster. Voting
+ * on the wrong subprotocols here has the potential to take down the network.
+ *
+ * In particular, you need to be EXTREMELY CAREFUL before adding new versions
+ * to the required protocol list. Doing so will cause every relay or client
+ * that doesn't support those versions to refuse to connect to the network and
+ * shut down.
+ *
+ * Note that this applies to versions, not just protocols! If you say that
+ * Foobar=8-9 is required, and the client only has Foobar=9, it will shut down.
+ *
+ * It is okay to do this only for SUPER OLD relays that are not supported on
+ * the network anyway. For clients, we really shouldn't kick them off the
+ * network unless their presence is causing serious active harm.
+ *
+ * The following required and recommended lists MUST be changed BEFORE the
+ * supported list above is changed, so that these lists appear in the
+ * consensus BEFORE clients need them.
+ *
+ * Please, see the warning in protocol_get_supported_versions().
+ *
+ * XXX: WARNING!
+ */
+
+ /*
+ * NOTE: A keen observer will notice that "LinkAuth" is not recommended nor
+ * required. This is due to the HAVE_WORKING_TOR_TLS_GET_TLSSECRETS define
+ * that can either set "1" or "1,3" and so we can't enforce one or the other
+ * due to this uncertainty on how tor was built.
+ */
+
+ /** Return the recommended client protocols list that directory authorities
+ * put in the consensus. */
+ const char *
+ protover_get_recommended_client_protocols(void)
+ {
+ return "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
+ "Link=4 Microdesc=1-2 Relay=2";
+ }
+
+ /** Return the recommended relay protocols list that directory authorities
+ * put in the consensus. */
+ const char *
+ protover_get_recommended_relay_protocols(void)
+ {
+ return "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
+ "Link=4 Microdesc=1-2 Relay=2";
+ }
+
+ /** Return the required client protocols list that directory authorities
+ * put in the consensus. */
+ const char *
+ protover_get_required_client_protocols(void)
+ {
+ return "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
+ "Link=4 Microdesc=1-2 Relay=2";
+ }
+
+ /** Return the required relay protocols list that directory authorities
+ * put in the consensus. */
+ const char *
+ protover_get_required_relay_protocols(void)
+ {
+ return "Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 "
+ "Link=3-4 Microdesc=1 Relay=1-2";
+ }
+
+ /*
+ * XXX END OF HAZARDOUS ZONE XXX
+ */
+
/** The protocols from protover_get_supported_protocols(), as parsed into a
* list of proto_entry_t values. Access this via
* get_supported_protocol_list. */
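Review bot: The warning block above the hardwired lists sends readers to protocol_get_supported_versions(), but the function carrying that warning in this file is protover_get_supported_protocols(); correct the name so the cross-reference can be found with grep. The LinkAuth note says the build-dependent value is "1" or "1,3", while the context line just before the #endif shows "LinkAuth=3", so the note should be checked against the actual strings. protover_get_recommended_client_protocols(), protover_get_recommended_relay_protocols() and protover_get_required_client_protocols() all return the same literal; if that is intended, a shared constant or a one-line comment saying so would keep the three from drifting apart unnoticed.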
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits