From: Mike Perry
Date: Thu, 13 Mar 2025 20:00:03 +0000 (+0000)
Subject: Provide dirauth ability to strip specific flags.
X-Git-Tag: tor-0.4.8.15~3^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03894bfa338435b9198a4ea4cf827d156cef59b1;p=thirdparty%2Ftor.git
Provide dirauth ability to strip specific flags.
---
diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c
index fafb781330..96cbaa8680 100644
--- a/src/feature/dirauth/process_descs.c
+++ b/src/feature/dirauth/process_descs.c
@@ -228,6 +228,12 @@ dirserv_load_fingerprint_file(void)
 add_status = RTR_INVALID;
 } else if (!strcasecmp(nickname, "!middleonly")) {
 add_status = RTR_MIDDLEONLY;
+ } else if (!strcasecmp(nickname, "!stripexit")) {
+ add_status = RTR_STRIPGUARD;
+ } else if (!strcasecmp(nickname, "!striphsdir")) {
+ add_status = RTR_STRIPHSDIR;
+ } else if (!strcasecmp(nickname, "!stripv2dir")) {
+ add_status = RTR_STRIPV2DIR;
 }
 /* Check if fingerprint is RSA or ed25519 by verifying it. */
@@ -627,6 +633,9 @@ dirserv_set_node_flags_from_authoritative_status(node_t *node,
 node->is_valid = (authstatus & RTR_INVALID) ? 0 : 1;
 node->is_bad_exit = (authstatus & RTR_BADEXIT) ? 1 : 0;
 node->is_middle_only = (authstatus & RTR_MIDDLEONLY) ? 1 : 0;
+ node->strip_guard = (authstatus & RTR_STRIPGUARD) ? 1 : 0;
+ node->strip_hsdir = (authstatus & RTR_STRIPHSDIR) ? 1 : 0;
+ node->strip_v2dir = (authstatus & RTR_STRIPV2DIR) ? 1 : 0;
 }
 /** True iff a is more severe than b. */
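Review bot: The keyword `!stripexit` is mapped to `RTR_STRIPGUARD` in the first added branch, so an operator who writes `!stripexit` against a relay gets its Guard flag withheld while the relay keeps Exit, and none of the three added keywords names Guard. Every other part of the commit (`strip_guard`, `rs->is_possible_guard = 0`) deals only with Guard, so the string looks like the typo; I would change the branch to `} else if (!strcasecmp(nickname, "!stripguard")) {`. If stripping Exit is also intended, it needs its own `RTR_` bit and node field, which this commit does not add. The enclosing if/else chain and the function start and end outside the hunk.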
@@ -965,6 +974,21 @@ directory_remove_invalid(void)
 (r & RTR_MIDDLEONLY) ? "" : "not");
 node->is_middle_only = (r&RTR_MIDDLEONLY) ? 1: 0;
 }
+ if (bool_neq((r & RTR_STRIPGUARD), node->strip_guard)) {
+ log_info(LD_DIRSERV, "Router '%s' is now %s guard", description,
+ (r & RTR_STRIPGUARD) ? "stripped of" : "not");
+ node->strip_guard = (r&RTR_STRIPGUARD) ? 1: 0;
+ }
+ if (bool_neq((r & RTR_STRIPHSDIR), node->strip_hsdir)) {
+ log_info(LD_DIRSERV, "Router '%s' is now %s hidden service directory",
+ description, (r & RTR_STRIPHSDIR) ? "stripped of" : "not");
+ node->strip_hsdir = (r&RTR_STRIPHSDIR) ? 1: 0;
+ }
+ if (bool_neq((r & RTR_STRIPV2DIR), node->strip_v2dir)) {
+ log_info(LD_DIRSERV, "Router '%s' is now %s v2 directory",
+ description, (r & RTR_STRIPV2DIR) ? "stripped of" : "not");
+ node->strip_v2dir = (r&RTR_STRIPV2DIR) ? 1: 0;
+ }
 } SMARTLIST_FOREACH_END(node);
 routerlist_assert_ok(rl);
diff --git a/src/feature/dirauth/process_descs.h b/src/feature/dirauth/process_descs.h
index a509eb1fbe..e922ce48cf 100644
--- a/src/feature/dirauth/process_descs.h
+++ b/src/feature/dirauth/process_descs.h
@@ -47,6 +47,9 @@ typedef struct authdir_config_t {
 #define RTR_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
 /** We'll vote to only use this router as a midpoint. */
 #define RTR_MIDDLEONLY 32
+#define RTR_STRIPGUARD 64
+#define RTR_STRIPHSDIR 128
+#define RTR_STRIPV2DIR 256
 #endif /* defined(PROCESS_DESCS_PRIVATE) || defined(TOR_UNIT_TESTS) */
diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c
index 71ee03e265..dc76f04a8e 100644
--- a/src/feature/dirauth/voteflags.c
+++ b/src/feature/dirauth/voteflags.c
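Review bot: The three added log_info calls use the pair `"stripped of" : "not"`, so when a strip entry is removed the authority logs "Router '...' is now not guard", which reads as the relay losing Guard when the restriction is in fact being lifted. These lines are what an operator reads to confirm which sanction took effect, so I would spell out both directions, e.g. `"Router '%s' is %s stripped of the Guard flag"` with `(r & RTR_STRIPGUARD) ? "now" : "no longer"`, and the same shape for the HSDir and V2Dir messages. The loop body starts outside the hunk.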
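Review bot: `RTR_STRIPGUARD`, `RTR_STRIPHSDIR` and `RTR_STRIPV2DIR` are added without the doc comments that the neighbouring `RTR_BADEXIT` and `RTR_MIDDLEONLY` carry. I would add one line above each, for example `/** We'll vote to withhold the Guard flag from this router. */` for `RTR_STRIPGUARD`, with the HSDir and V2Dir equivalents for the other two. That also records that these bits only remove a flag from this authority's vote, which the bare names do not say.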
@@ -625,6 +625,17 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs,
 rs->is_exit = rs->is_possible_guard = rs->is_hs_dir = rs->is_v2_dir = 0;
 }
+ /* Strip rs flags based on node flags. */
+ if (node->strip_guard) {
+ rs->is_possible_guard = 0;
+ }
+ if (node->strip_hsdir) {
+ rs->is_hs_dir = 0;
+ }
+ if (node->strip_v2dir) {
+ rs->is_v2_dir = 0;
+ }
+
 /* Set rs->is_staledesc. */
 rs->is_staledesc = (ri->cache_info.published_on + DESC_IS_STALE_INTERVAL) < now;
diff --git a/src/feature/nodelist/node_st.h b/src/feature/nodelist/node_st.h
index df67a47ada..0dfa07d1ab 100644
--- a/src/feature/nodelist/node_st.h
+++ b/src/feature/nodelist/node_st.h
@@ -74,6 +74,9 @@ struct node_t {
 unsigned int is_middle_only:1;
 unsigned int is_hs_dir:1; /**< True iff this router is a hidden service * directory according to the authorities. */
+ unsigned int strip_guard:1; /**< True iff we should strip the Guard flag. */
+ unsigned int strip_hsdir:1; /**< True iff we should strip the HSDir flag. */
+ unsigned int strip_v2dir:1; /**< True iff we should strip the V2Dir flag. */
 /* Local info: warning state. */
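Review bot: The comment `/* Strip rs flags based on node flags. */` does not say where `node->strip_*` come from or why the block sits at this point in the function. I would write `/* Withhold the flags the operator stripped for this relay in the fingerprint file. This only ever clears bits, so it is safe after the block above that zeroes all four. */`. Whether anything after `rs->is_staledesc` assigns `is_possible_guard`, `is_hs_dir` or `is_v2_dir` again is not visible in this hunk; if it does, the strip would be undone and the block should move below that code. The function starts and ends outside the hunk.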