Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests

I have no idea whether b0rken clients will DoS the network if the v2
authorities all turn this on or not.  It's experimental. See #6783 for
a description of how to test it more or less safely, and please be
careful!

diff --git a/changes/6783_big_hammer b/changes/6783_big_hammer
new file mode 100644 (file)
index 0000000..2ff3249
--- /dev/null
+++ b/changes/6783_big_hammer
@@ -0,0 +1,6 @@
+  o Major features (deprecation):
+    - There's now a "DisableV2DirectoryInfo_" option that prevents us
+      from serving any directory requests for v2 directory information.
+      This is for us to test disabling the old deprecated V2 directory
+      format, so that we can see whether doing so has any effect on
+      network load. Part of a fix for bug 6783.

diff --git a/src/or/config.c b/src/or/config.c
index f88842624c347c0f366d5e23c064a7af5918bc7b..7e020b8638b662991e34c21273c611db9eeba27a 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -213,6 +213,7 @@ static config_var_t option_vars_[] = {
   V(DisableAllSwap,              BOOL,     "0"),
   V(DisableDebuggerAttachment,   BOOL,     "1"),
   V(DisableIOCP,                 BOOL,     "1"),
+  V(DisableV2DirectoryInfo_,     BOOL,     "1"),
   V(DynamicDHGroups,             BOOL,     "0"),
   VPORT(DNSPort,                     LINELIST, NULL),
   V(DNSListenAddress,            LINELIST, NULL),

diff --git a/src/or/directory.c b/src/or/directory.c
index 6b61fc6a9989dbc37f2af12f5c09901e8a9c4584..38a423cb8e63d7892b6988ba6287f9cb77b0d714 100644 (file)
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -2805,6 +2805,19 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     const char *key = url + strlen("/tor/status/");
     long lifetime = NETWORKSTATUS_CACHE_LIFETIME;
 
+    if (options->DisableV2DirectoryInfo_ && !is_v3) {
+      static ratelim_t reject_v2_ratelim = RATELIM_INIT(1800);
+      char *m;
+      write_http_status_line(conn, 404, "Not found");
+      smartlist_free(dir_fps);
+      geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND);
+      if ((m = rate_limit_log(&reject_v2_ratelim, approx_time()))) {
+        log_notice(LD_DIR, "Rejected a v2 networkstatus request.%s", m);
+        tor_free(m);
+      }
+      goto done;
+    }
+
     if (!is_v3) {
       dirserv_get_networkstatus_v2_fingerprints(dir_fps, key);
       if (!strcmpstart(key, "fp/"))

diff --git a/src/or/or.h b/src/or/or.h
index 45eb4673ce0df678d6c2fcc2ea0780354c92ba3e..0f5dbd6ad55adf08dfd1be7f0bc9c1755b966580 100644 (file)
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3999,6 +3999,16 @@ typedef struct {
 
   /** Fraction: */
   double PathsNeededToBuildCircuits;
+
+  /** Do we serve v2 directory info at all?  This is a temporary option, since
+   * we'd like to disable v2 directory serving entirely, but we need a way to
+   * make it temporarily disableable, in order to do fast testing and be
+   * able to turn it back on if it turns out to be non-workable.
+   *
+   * XXXX024 Don't actually leave this in.
+   */
+  int DisableV2DirectoryInfo_;
+
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */