From: Roger Dingledine <arma@torproject.org>
Date: Fri, 8 Sep 2023 00:32:57 +0000 (-0400)
Subject: resolve scary vanguard-related log msgs on dir auths
X-Git-Tag: tor-0.4.9.2-alpha~14^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ee118d64c80f363c2a95514e075c709484d3a0a;p=thirdparty%2Ftor.git

resolve scary vanguard-related log msgs on dir auths

After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding
this circuit." log message once per second from startup until
they made a fresh consensus. Now they look to their existing
consensus on startup, letting them build circuits properly from
the beginning.

Fixes bug 40802; bugfix on 0.4.7.1-alpha.
---

diff --git a/changes/bug40802 b/changes/bug40802
new file mode 100644
index 0000000000..2ec4afd59d
--- /dev/null
+++ b/changes/bug40802
@@ -0,0 +1,9 @@
+  o Minor bugfixes (directory authorities):
+    - After we added layer-two vanguards, directory authorities wouldn't
+      think any of their vanguards were suitable for circuits, leading
+      to a "Failed to find node for hop #2 of our path. Discarding
+      this circuit." log message once per second from startup until
+      they made a fresh consensus. Now they look to their existing
+      consensus on startup, letting them build circuits properly from
+      the beginning. Fixes bug 40802; bugfix on 0.4.7.1-alpha.
+
diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c
index 889140b408..26f78a5bfb 100644
--- a/src/feature/nodelist/nodelist.c
+++ b/src/feature/nodelist/nodelist.c
@@ -761,15 +761,21 @@ nodelist_set_consensus(const networkstatus_t *ns)
     }
     node_set_country(node);
 
-    /* If we're not an authdir, believe others. */
-    if (!authdir) {
+    /* Set node's flags based on rs's flags. */
+    {
       node->is_valid = rs->is_valid;
       node->is_running = rs->is_flagged_running;
       node->is_fast = rs->is_fast;
       node->is_stable = rs->is_stable;
       node->is_possible_guard = rs->is_possible_guard;
       node->is_exit = rs->is_exit;
-      node->is_bad_exit = rs->is_bad_exit;
+      if (!authdir) {
+        /* Authdirs treat is_bad_exit specially in that they only assign
+         * it when the descriptor arrives. So when a dir auth is reading
+         * the flags from an existing consensus, don't believe the bit
+         * here, else it will get stuck 'on' forever. */
+        node->is_bad_exit = rs->is_bad_exit;
+      }
       node->is_hs_dir = rs->is_hs_dir;
       node->ipv6_preferred = 0;
       if (reachable_addr_prefer_ipv6_orport(options) &&