-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Roger Dingledine wrote: | The var->initvalue = tor_strdup(val) above clobbers the current value of | var->initvalue. For the first time we assign config options, that's fine, | since its initial value is from a static table. But for future times we | assign config options, we'll leak the previous value. | | One better approach might be to have a static table of keys (strings) | and values (strings) for the alternate defaults, and walk through the | table doing a config_find_option() on the key and then assigning value | directly from the table (rather than making a copy). You are right. I fixed that as you proposed (or similarly) and attached a new patch. - --Karsten -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIPUz10M+WPffBEmURArC5AKDEOjP3YKdB93brqPbhuuZ29UwxXQCfRpzp 97KmXg6WLOh9B4LzHWNy/tg= =EiSl -----END PGP SIGNATURE-----
Index: /home/karsten/tor/tor-trunk-private-network/src/or/config.c =================================================================== --- /home/karsten/tor/tor-trunk-private-network/src/or/config.c (revision 14770) +++ /home/karsten/tor/tor-trunk-private-network/src/or/config.c (working copy) @@ -174,6 +174,7 @@ V(DataDirectory, STRING, NULL), OBSOLETE("DebugLogFile"), V(DirAllowPrivateAddresses, BOOL, NULL), + V(DirTimeToLearnReachability, INTERVAL, "30 minutes"), V(DirListenAddress, LINELIST, NULL), OBSOLETE("DirFetchPeriod"), V(DirPolicy, LINELIST, NULL), @@ -185,6 +186,7 @@ V(DownloadExtraInfo, BOOL, "0"), V(EnforceDistinctSubnets, BOOL, "1"), V(EntryNodes, STRING, NULL), + V(EstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"), V(ExcludeNodes, STRING, NULL), V(ExitNodes, STRING, NULL), V(ExitPolicy, LINELIST, NULL), @@ -244,6 +246,7 @@ V(OutboundBindAddress, STRING, NULL), OBSOLETE("PathlenCoinWeight"), V(PidFile, STRING, NULL), + V(TestingTorNetwork, BOOL, "0"), V(PreferTunneledDirConns, BOOL, "1"), V(ProtocolWarnings, BOOL, "0"), V(PublishServerDescriptor, CSV, "1"), @@ -298,6 +301,9 @@ VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"), VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir, "0"), VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"), + V(V3AuthInitialVotingInterval, INTERVAL, "30 minutes"), + V(V3AuthInitialVoteDelay, INTERVAL, "5 minutes"), + V(V3AuthInitialDistDelay, INTERVAL, "5 minutes"), V(V3AuthVotingInterval, INTERVAL, "1 hour"), V(V3AuthVoteDelay, INTERVAL, "5 minutes"), V(V3AuthDistDelay, INTERVAL, "5 minutes"), @@ -314,6 +320,26 @@ V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"), { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL } }; + +static config_var_t testing_tor_network_defaults[] = { + V(ServerDNSAllowBrokenResolvConf, BOOL, "1"), + V(DirAllowPrivateAddresses, BOOL, "1"), + V(EnforceDistinctSubnets, BOOL, "0"), + V(AssumeReachable, BOOL, "1"), + V(AuthDirMaxServersPerAddr, UINT, "0"), + V(AuthDirMaxServersPerAuthAddr,UINT, "0"), + V(ClientDNSRejectInternalAddresses, BOOL,"0"), + V(ExitPolicyRejectPrivate, BOOL, "0"), + V(V3AuthVotingInterval, INTERVAL, "5 minutes"), + V(V3AuthVoteDelay, INTERVAL, "20 seconds"), + V(V3AuthDistDelay, INTERVAL, "20 seconds"), + V(V3AuthInitialVotingInterval, INTERVAL, "5 minutes"), + V(V3AuthInitialVoteDelay, INTERVAL, "20 seconds"), + V(V3AuthInitialDistDelay, INTERVAL, "20 seconds"), + V(DirTimeToLearnReachability, INTERVAL, "0 minutes"), + V(EstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"), + { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL } +}; #undef VAR #define VAR(name,conftype,member,initvalue) \ @@ -3326,6 +3352,73 @@ }); } + if (options->TestingTorNetwork && !options->DirServers) { + REJECT("TestingTorNetwork may only be configured in combination with " + "a non-default set of DirServers."); + } + + if (options->V3AuthInitialVotingInterval != 30*60 && + !options->TestingTorNetwork) { + REJECT("V3AuthInitialVotingInterval may only be changed in testing " + "Tor networks!"); + } else if (options->V3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) { + REJECT("V3AuthInitialVotingInterval is insanely low."); + } else if (options->V3AuthInitialVotingInterval > 24*60*60) { + REJECT("V3AuthInitialVotingInterval is insanely high."); + } else if (((30*60) % options->V3AuthInitialVotingInterval) != 0) { + REJECT("V3AuthInitialVotingInterval does not divide evenly into " + "30 minutes."); + } + + if (options->V3AuthInitialVoteDelay != 5*60 && + !options->TestingTorNetwork) { + REJECT("V3AuthInitialVoteDelay may only be changed in testing " + "Tor networks!"); + } else if (options->V3AuthInitialVoteDelay < MIN_VOTE_SECONDS) { + REJECT("V3AuthInitialVoteDelay is way too low."); + } + + if (options->V3AuthInitialDistDelay != 5*60 && + !options->TestingTorNetwork) { + REJECT("V3AuthInitialDistDelay may only be changed in testing " + "Tor networks!"); + } else if (options->V3AuthInitialDistDelay < MIN_DIST_SECONDS) { + REJECT("V3AuthInitialDistDelay is way too low."); + } + + if (options->V3AuthInitialVoteDelay + options->V3AuthInitialDistDelay >= + options->V3AuthInitialVotingInterval/2) { + REJECT("V3AuthInitialVoteDelay plus V3AuthInitialDistDelay must be " + "less than half V3AuthInitialVotingInterval"); + } + + if (options->DirTimeToLearnReachability != 30*60 && + !options->TestingTorNetwork) { + REJECT("DirTimeToLearnReachability may only be changed in testing " + "Tor networks!"); + } else if (options->DirTimeToLearnReachability < 0) { + REJECT("DirTimeToLearnReachability must be non-negative."); + } else if (options->DirTimeToLearnReachability > 2*60*60) { + COMPLAIN("DirTimeToLearnReachability is insanely high."); + } + + if (options->EstimatedDescriptorPropagationTime != 10*60 && + !options->TestingTorNetwork) { + REJECT("EstimatedDescriptorPropagationTime may only be changed in " + "testing Tor networks!"); + } else if (options->EstimatedDescriptorPropagationTime < 0) { + REJECT("EstimatedDescriptorPropagationTime must be non-negative."); + } else if (options->EstimatedDescriptorPropagationTime > 60*60) { + COMPLAIN("EstimatedDescriptorPropagationTime is insanely high."); + } + + if (options->TestingTorNetwork) { + log_warn(LD_CONFIG, "TestingTorNetwork is set. This will make your node " + "almost unusable in the public Tor network, and is " + "therefore only advised if you are building a " + "testing Tor network!"); + } + return 0; #undef REJECT #undef COMPLAIN @@ -3389,6 +3482,12 @@ return -1; } + if (old->TestingTorNetwork != new_val->TestingTorNetwork) { + *msg = tor_strdup("While Tor is running, changing TestingTorNetwork " + "is not allowed."); + return -1; + } + return 0; } @@ -3757,6 +3856,50 @@ goto err; } + /* If this is a testing network configuration, change defaults + * for a list of dependent config options, re-initialize newoptions + * with the new defaults, and assign all options to it second time. */ + if (newoptions->TestingTorNetwork) { + + /* Change defaults. */ + int i; + for (i = 0; testing_tor_network_defaults[i].name; ++i) { + config_var_t *new_var = &testing_tor_network_defaults[i]; + config_var_t *old_var = + config_find_option(&options_format, new_var->name); + tor_assert(new_var); + tor_assert(old_var); + old_var->initvalue = new_var->initvalue; + } + + /* Clear newoptions and re-initialize them with new defaults. */ + config_free(&options_format, newoptions); + newoptions = tor_malloc_zero(sizeof(or_options_t)); + newoptions->_magic = OR_OPTIONS_MAGIC; + options_init(newoptions); + newoptions->command = command; + newoptions->command_arg = command_arg; + + /* Assign all options a second time. */ + retval = config_get_lines(cf, &cl); + if (retval < 0) { + err = SETOPT_ERR_PARSE; + goto err; + } + retval = config_assign(&options_format, newoptions, cl, 0, 0, msg); + config_free_lines(cl); + if (retval < 0) { + err = SETOPT_ERR_PARSE; + goto err; + } + retval = config_assign(&options_format, newoptions, + global_cmdline_options, 0, 0, msg); + if (retval < 0) { + err = SETOPT_ERR_PARSE; + goto err; + } + } + /* Validate newoptions */ if (options_validate(oldoptions, newoptions, 0, msg) < 0) { err = SETOPT_ERR_PARSE; /*XXX021 make this separate.*/ Index: /home/karsten/tor/tor-trunk-private-network/src/or/dirserv.c =================================================================== --- /home/karsten/tor/tor-trunk-private-network/src/or/dirserv.c (revision 14770) +++ /home/karsten/tor/tor-trunk-private-network/src/or/dirserv.c (working copy) @@ -2122,10 +2122,6 @@ router->is_bad_exit = router->is_bad_directory = 0; } -/** If we've been around for less than this amount of time, our reachability - * information is not accurate. */ -#define DIRSERV_TIME_TO_GET_REACHABILITY_INFO (30*60) - /** Return a new networkstatus_t* containing our current opinion. (For v3 * authorities) */ networkstatus_t * @@ -2155,7 +2151,7 @@ tor_assert(private_key); tor_assert(cert); - if (now - time_of_process_start < DIRSERV_TIME_TO_GET_REACHABILITY_INFO) + if (now - time_of_process_start < options->DirTimeToLearnReachability) vote_on_reachability = 0; if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) { @@ -2241,7 +2237,7 @@ last_consensus_interval = current_consensus->fresh_until - current_consensus->valid_after; else - last_consensus_interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS; + last_consensus_interval = options->V3AuthInitialVotingInterval; v3_out->valid_after = dirvote_get_start_of_next_interval(now, (int)last_consensus_interval); format_iso_time(tbuf, v3_out->valid_after); Index: /home/karsten/tor/tor-trunk-private-network/src/or/dirvote.c =================================================================== --- /home/karsten/tor/tor-trunk-private-network/src/or/dirvote.c (revision 14770) +++ /home/karsten/tor/tor-trunk-private-network/src/or/dirvote.c (working copy) @@ -1300,8 +1300,9 @@ vote_delay = consensus->vote_seconds; dist_delay = consensus->dist_seconds; } else { - interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS; - vote_delay = dist_delay = 300; + interval = options->V3AuthInitialVotingInterval; + vote_delay = options->V3AuthInitialVoteDelay; + dist_delay = options->V3AuthInitialDistDelay; } tor_assert(interval > 0); Index: /home/karsten/tor/tor-trunk-private-network/src/or/or.h =================================================================== --- /home/karsten/tor/tor-trunk-private-network/src/or/or.h (revision 14770) +++ /home/karsten/tor/tor-trunk-private-network/src/or/or.h (working copy) @@ -2350,6 +2350,31 @@ * migration purposes? */ int V3AuthUseLegacyKey; + /** The length of time that we think an initial consensus should be + * fresh. */ + int V3AuthInitialVotingInterval; + + /** The length of time we think it will take to distribute initial + * votes. */ + int V3AuthInitialVoteDelay; + + /** The length of time we think it will take to distribute initial + * signatures. */ + int V3AuthInitialDistDelay; + + /** If an authority has been around for less than this amount of time, + * its reachability information is not accurate. */ + int DirTimeToLearnReachability; + + /** Clients don't download any descriptor this recent, since it will + * probably not have propagated to enough caches. */ + int EstimatedDescriptorPropagationTime; + + /** If true, we take part in a testing network. Change the defaults of a + * couple of other configuration options and allow to change the values + * of certain configuration options. */ + int TestingTorNetwork; + /** File to check for a consensus networkstatus, if we don't have one * cached. */ char *FallbackNetworkstatusFile; @@ -3192,9 +3217,6 @@ /** Smallest allowable voting interval. */ #define MIN_VOTE_INTERVAL 300 -/** If there is no consensus, what interval do we default to? */ -#define DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS (30*60) - void dirvote_free_all(void); /* vote manipulation */ Index: /home/karsten/tor/tor-trunk-private-network/src/or/routerlist.c =================================================================== --- /home/karsten/tor/tor-trunk-private-network/src/or/routerlist.c (revision 14770) +++ /home/karsten/tor/tor-trunk-private-network/src/or/routerlist.c (working copy) @@ -3673,10 +3673,6 @@ tor_free(resource); } -/** Clients don't download any descriptor this recent, since it will probably - * not have propagated to enough caches. */ -#define ESTIMATED_PROPAGATION_TIME (10*60) - /** Return 0 if this routerstatus is obsolete, too new, isn't * running, or otherwise not a descriptor that we would make any * use of even if we had it. Else return 1. */ @@ -3688,7 +3684,7 @@ * But, if we want to have a complete list, fetch it anyway. */ return 0; } - if (rs->published_on + ESTIMATED_PROPAGATION_TIME > now) { + if (rs->published_on + options->EstimatedDescriptorPropagationTime > now) { /* Most caches probably don't have this descriptor yet. */ return 0; }
Attachment:
patch3.txt.sig
Description: Binary data