From: Nick Mathewson Date: Thu, 1 Nov 2007 04:14:23 +0000 (+0000) Subject: r16320@catbus: nickm | 2007-11-01 00:11:20 -0400 X-Git-Tag: tor-0.2.0.10-alpha~85 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=401b5c26de8d83f6af105abe560a0adc63890873;p=thirdparty%2Ftor.git r16320@catbus: nickm | 2007-11-01 00:11:20 -0400 Learn new addresses for authorities from their certificates. svn:r12305 --- diff --git a/ChangeLog b/ChangeLog index ff25280c50..eb30e3688c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,8 @@ Changes in version 0.2.0.10-alpha - 2007-1?-?? - When we receive a consensus from the future, warn about skew. - Improve skew reporting: try to give the user a better log message about how skewed they are, and how much this matters. + - When we have a certificate for an authority, believe that certificate's + claims about the authority's IP address. o Minor features (controller): - When reporting clock skew, and we only have a lower bound on the amount diff --git a/doc/TODO b/doc/TODO index 0187869d31..045a0484f0 100644 --- a/doc/TODO +++ b/doc/TODO @@ -68,8 +68,8 @@ Things we'd like to do in 0.2.0.x: in the future, then log about skew. o should change the "skew complaint" to specify in largest units rather than just seconds. - - Learn new authority IPs from consensus/certs. - - karsten's patches + o Learn new authority IPs from consensus/certs. + o karsten's patches - Before the feature freeze: (Roger) - Make tunnelled dir conns use begin_dir if enabled diff --git a/src/or/config.c b/src/or/config.c index b891cda425..71c6fef9f3 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -202,6 +202,7 @@ static config_var_t _option_vars[] = { V(HttpsProxyAuthenticator, STRING, NULL), OBSOLETE("IgnoreVersion"), V(KeepalivePeriod, INTERVAL, "5 minutes"), + V(LearnAuthorityAddrFromCerts, BOOL, "1"), VAR("Log", LINELIST, Logs, NULL), OBSOLETE("LinkPadding"), OBSOLETE("LogLevel"), 
diff --git a/src/or/or.h b/src/or/or.h index ac832d8fb0..afc190639e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2228,6 +2228,10 @@ typedef struct { /** DOCDOC here and in tor.1 */ char *FallbackNetworkstatusFile; + + /** DOCDOC here and in tor.1 */ + int LearnAuthorityAddrFromCerts; + } or_options_t; /** Persistent state for an onion router, as saved to disk. */ @@ -3649,6 +3653,8 @@ typedef struct trusted_dir_server_t { * latest certificate. */ download_status_t v2_ns_dl_status; /**< Status of downloading this server's * v2 network status. */ + time_t addr_current_at; /**< When was the document that we derived the + * address information from published? */ routerstatus_t fake_status; /**< Used when we need to pass this trusted * dir_server_t to directory_initiate_command_* diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 52125b8dcc..0b4500248f 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -108,6 +108,7 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store) { trusted_dir_server_t *ds; const char *s, *eos; + or_options_t *options = get_options(); for (s = contents; *s; s = eos) { authority_cert_t *cert = authority_cert_parse_from_string(s, &eos); @@ -141,6 +142,22 @@ trusted_dirs_load_certs_from_string(const char *contents, int from_store) continue; smartlist_add(ds->v3_certs, cert); + if (options->LearnAuthorityAddrFromCerts && + cert->cache_info.published_on > ds->addr_current_at) { + if (cert->addr && cert->dir_port && + (ds->addr != cert->addr || + ds->dir_port != cert->dir_port)) { + char *a = tor_dup_addr(cert->addr); + log_notice(LD_DIR, "Updating address for directory authority %s " + "from %s:%d to %s:%d based on in certificate.", + ds->nickname, ds->address, (int)ds->dir_port, + a, cert->dir_port); + tor_free(a); + ds->addr = cert->addr; + ds->dir_port = cert->dir_port; + } + ds->addr_current_at = cert->cache_info.published_on; + } if (!from_store) trusted_dir_servers_certs_changed = 1;
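Review bot: The new `LearnAuthorityAddrFromCerts` field in the first or.h hunk is committed with only a `DOCDOC` placeholder, and the diff contains no tor.1 change, although config.c enables the option by default. Since the option lets a certificate override the configured address of a directory authority, the comment should say so, for example `/** If true, replace a trusted directory authority's address and DirPort with the ones listed in its most recently published certificate. */`. The manual page needs a matching entry so operators know what the default trusts and how to turn it off.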
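Review bot: In the second routerlist.c hunk (the block added after `smartlist_add(ds->v3_certs, cert)`), only `ds->addr` and `ds->dir_port` are replaced, so the textual `ds->address` that this same log line prints keeps the old value, and the `fake_status` copy that or.h describes as what is passed to `directory_initiate_command_*` may stay stale too if it stores its own address (its fields are not visible here). Keeping the new string instead of freeing it, `tor_free(ds->address); ds->address = a;`, and refreshing `fake_status` in the same branch would keep the three views consistent. The freshness test trusts `cert->cache_info.published_on`, a date asserted by the certificate itself, and nothing visible bounds it, so a certificate dated in the future would set `addr_current_at` ahead and suppress later address updates; rejecting a `published_on` later than the current time before using the address would limit that, unless the checks above the hunk already do it. The log text "based on in certificate." looks like a typo for `based on its certificate.`. The enclosing function starts and ends outside the hunk, so any certificate validation that runs before this point cannot be confirmed from here.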