Provide dirauth ability to strip specific flags.

diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c
index fafb781330ff7b8f9d72b374d08f752983821d9e..96cbaa8680c652307fea0b2c7298cbdc088b8999 100644 (file)
--- a/src/feature/dirauth/process_descs.c
+++ b/src/feature/dirauth/process_descs.c
@@ -228,6 +228,12 @@ dirserv_load_fingerprint_file(void)
         add_status = RTR_INVALID;
     }  else if (!strcasecmp(nickname, "!middleonly")) {
         add_status = RTR_MIDDLEONLY;
+    } else if (!strcasecmp(nickname, "!stripexit")) {
+        add_status = RTR_STRIPGUARD;
+    } else if (!strcasecmp(nickname, "!striphsdir")) {
+        add_status = RTR_STRIPHSDIR;
+    } else if (!strcasecmp(nickname, "!stripv2dir")) {
+        add_status = RTR_STRIPV2DIR;
     }
 
     /* Check if fingerprint is RSA or ed25519 by verifying it. */
@@ -627,6 +633,9 @@ dirserv_set_node_flags_from_authoritative_status(node_t *node,
   node->is_valid = (authstatus & RTR_INVALID) ? 0 : 1;
   node->is_bad_exit = (authstatus & RTR_BADEXIT) ? 1 : 0;
   node->is_middle_only = (authstatus & RTR_MIDDLEONLY) ? 1 : 0;
+  node->strip_guard = (authstatus & RTR_STRIPGUARD) ? 1 : 0;
+  node->strip_hsdir = (authstatus & RTR_STRIPHSDIR) ? 1 : 0;
+  node->strip_v2dir = (authstatus & RTR_STRIPV2DIR) ? 1 : 0;
 }
 
 /** True iff <b>a</b> is more severe than <b>b</b>. */
@@ -965,6 +974,21 @@ directory_remove_invalid(void)
                (r & RTR_MIDDLEONLY) ? "" : "not");
       node->is_middle_only = (r&RTR_MIDDLEONLY) ? 1: 0;
     }
+    if (bool_neq((r & RTR_STRIPGUARD), node->strip_guard)) {
+      log_info(LD_DIRSERV, "Router '%s' is now %s guard", description,
+               (r & RTR_STRIPGUARD) ? "stripped of" : "not");
+      node->strip_guard = (r&RTR_STRIPGUARD) ? 1: 0;
+    }
+    if (bool_neq((r & RTR_STRIPHSDIR), node->strip_hsdir)) {
+      log_info(LD_DIRSERV, "Router '%s' is now %s hidden service directory",
+               description, (r & RTR_STRIPHSDIR) ? "stripped of" : "not");
+      node->strip_hsdir = (r&RTR_STRIPHSDIR) ? 1: 0;
+    }
+    if (bool_neq((r & RTR_STRIPV2DIR), node->strip_v2dir)) {
+      log_info(LD_DIRSERV, "Router '%s' is now %s v2 directory",
+               description, (r & RTR_STRIPV2DIR) ? "stripped of" : "not");
+      node->strip_v2dir = (r&RTR_STRIPV2DIR) ? 1: 0;
+    }
   } SMARTLIST_FOREACH_END(node);
 
   routerlist_assert_ok(rl);

diff --git a/src/feature/dirauth/process_descs.h b/src/feature/dirauth/process_descs.h
index a509eb1fbe403f4bdce45855c1879ccc0708bbf9..e922ce48cfa026505fc807644ea8f2eda6bfc0c2 100644 (file)
--- a/src/feature/dirauth/process_descs.h
+++ b/src/feature/dirauth/process_descs.h
@@ -47,6 +47,9 @@ typedef struct authdir_config_t {
 #define RTR_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
 /** We'll vote to only use this router as a midpoint. */
 #define RTR_MIDDLEONLY 32
+#define RTR_STRIPGUARD 64
+#define RTR_STRIPHSDIR 128
+#define RTR_STRIPV2DIR 256
 
 #endif /* defined(PROCESS_DESCS_PRIVATE) || defined(TOR_UNIT_TESTS) */
 

diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c
index 71ee03e265a362fcc3c49419f65c6456db84255b..dc76f04a8e673b5d70a08383fb220252089824dd 100644 (file)
--- a/src/feature/dirauth/voteflags.c
+++ b/src/feature/dirauth/voteflags.c
@@ -625,6 +625,17 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs,
     rs->is_exit = rs->is_possible_guard = rs->is_hs_dir = rs->is_v2_dir = 0;
   }
 
+  /* Strip rs flags based on node flags. */
+  if (node->strip_guard) {
+    rs->is_possible_guard = 0;
+  }
+  if (node->strip_hsdir) {
+    rs->is_hs_dir = 0;
+  }
+  if (node->strip_v2dir) {
+    rs->is_v2_dir = 0;
+  }
+
   /* Set rs->is_staledesc. */
   rs->is_staledesc =
     (ri->cache_info.published_on + DESC_IS_STALE_INTERVAL) < now;

diff --git a/src/feature/nodelist/node_st.h b/src/feature/nodelist/node_st.h
index df67a47ada736bd9a66c271008b0ddbe962318ce..0dfa07d1ab4edababeedaccab26ac742d1729ef6 100644 (file)
--- a/src/feature/nodelist/node_st.h
+++ b/src/feature/nodelist/node_st.h
@@ -74,6 +74,9 @@ struct node_t {
   unsigned int is_middle_only:1;
   unsigned int is_hs_dir:1; /**< True iff this router is a hidden service
                              * directory according to the authorities. */
+  unsigned int strip_guard:1; /**< True iff we should strip the Guard flag. */
+  unsigned int strip_hsdir:1; /**< True iff we should strip the HSDir flag. */
+  unsigned int strip_v2dir:1; /**< True iff we should strip the V2Dir flag. */
 
   /* Local info: warning state. */