DROPGUARDS controller command
Implements ticket 9934; patch from "ra"
parent
17d368281a
commit
71bd100976
4 changed files with 52 additions and 0 deletions
4
changes/bug9934
Normal file
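--- a/changes/bug9934
+++ b/changes/bug9934
@@ -0,0 +1,4 @@
+o Minor features (controller):
+- New DROPGUARDS command to forget all current entry guards. Not
+recommended for ordinary use, since replacing guards too frequently
+makes several attacks easier. Resolves ticket #9934; patch from "ra".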
|
@ -3141,6 +3141,30 @@ handle_control_usefeature(control_connection_t *conn,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Implementation for the DROPGUARDS command. */
|
||||||
|
static int
|
||||||
|
handle_control_dropguards(control_connection_t *conn,
|
||||||
|
uint32_t len,
|
||||||
|
const char *body)
|
||||||
|
{
|
||||||
|
smartlist_t *args;
|
||||||
|
(void) len; /* body is nul-terminated; it's safe to ignore the length */
|
||||||
|
args = smartlist_new();
|
||||||
|
smartlist_split_string(args, body, " ",
|
||||||
|
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
|
||||||
|
|
||||||
|
if (smartlist_len(args)) {
|
||||||
|
connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n");
|
||||||
|
} else {
|
||||||
|
remove_all_entry_guards();
|
||||||
|
send_control_done(conn);
|
||||||
|
}
|
||||||
|
|
||||||
|
SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
|
||||||
|
smartlist_free(args);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/** Called when <b>conn</b> has no more bytes left on its outbuf. */
|
/** Called when <b>conn</b> has no more bytes left on its outbuf. */
|
||||||
int
|
int
|
||||||
connection_control_finished_flushing(control_connection_t *conn)
|
connection_control_finished_flushing(control_connection_t *conn)
|
||||||
|
@ -3440,6 +3464,9 @@ connection_control_process_inbuf(control_connection_t *conn)
|
||||||
} else if (!strcasecmp(conn->incoming_cmd, "AUTHCHALLENGE")) {
|
} else if (!strcasecmp(conn->incoming_cmd, "AUTHCHALLENGE")) {
|
||||||
if (handle_control_authchallenge(conn, cmd_data_len, args))
|
if (handle_control_authchallenge(conn, cmd_data_len, args))
|
||||||
return -1;
|
return -1;
|
||||||
|
} else if (!strcasecmp(conn->incoming_cmd, "DROPGUARDS")) {
|
||||||
|
if (handle_control_dropguards(conn, cmd_data_len, args))
|
||||||
|
return -1;
|
||||||
} else {
|
} else {
|
||||||
connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n",
|
connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n",
|
||||||
conn->incoming_cmd);
|
conn->incoming_cmd);
|
||||||
|
|
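Review bot: In `handle_control_dropguards`, the call to `remove_all_entry_guards()` changes security-relevant state with no record at the controller layer; the only trace visible in this commit is an info-level line per guard in the helper. Since the changelog entry itself says that replacing guards too frequently makes several attacks easier, a notice-level line before the call, e.g. `log_notice(LD_CONTROL, "Controller asked us to drop all entry guards.");`, would let an operator spot an unexpected reset. The doc comment could also state that the command takes no arguments, answers 512 if any are given, and always returns 0. The dispatch branch added in `connection_control_process_inbuf` sits in a function whose body starts and ends outside the hunk, so whether it is reachable only after authentication cannot be confirmed from the visible lines.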
|
@ -598,6 +598,25 @@ remove_dead_entry_guards(time_t now)
|
||||||
return changed ? 1 : 0;
|
return changed ? 1 : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Remove all currently listed entry guards. So new ones will be chosen. */
|
||||||
|
void
|
||||||
|
remove_all_entry_guards(void)
|
||||||
|
{
|
||||||
|
char dbuf[HEX_DIGEST_LEN+1];
|
||||||
|
|
||||||
|
while (smartlist_len(entry_guards)) {
|
||||||
|
entry_guard_t *entry = smartlist_get(entry_guards, 0);
|
||||||
|
base16_encode(dbuf, sizeof(dbuf), entry->identity, DIGEST_LEN);
|
||||||
|
log_info(LD_CIRC, "Entry guard '%s' (%s) has been dropped.",
|
||||||
|
entry->nickname, dbuf);
|
||||||
|
control_event_guard(entry->nickname, entry->identity, "DROPPED");
|
||||||
|
entry_guard_free(entry);
|
||||||
|
smartlist_del(entry_guards, 0);
|
||||||
|
}
|
||||||
|
log_entry_guards(LOG_INFO);
|
||||||
|
entry_guards_changed();
|
||||||
|
}
|
||||||
|
|
||||||
/** A new directory or router-status has arrived; update the down/listed
|
/** A new directory or router-status has arrived; update the down/listed
|
||||||
* status of the entry guards.
|
* status of the entry guards.
|
||||||
*
|
*
|
||||||
|
|
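Review bot: `remove_all_entry_guards()` passes `entry_guards` to `smartlist_len()` without checking it, and the list is defined outside this hunk; if it can still be NULL when a controller sends DROPGUARDS, the loop condition would dereference a null pointer, so a guard such as `if (!entry_guards) return;` at the top (or a comment stating why it cannot be NULL here) is worth adding. The loop reads `entry->nickname` and `entry->identity` before `entry_guard_free(entry)`, which is the right order and should be preserved if the loop is ever restructured. The doc comment's second sentence is a fragment; `/** Remove all currently listed entry guards, so that new ones will be chosen. */` reads better.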
|
@ -77,6 +77,8 @@ int num_live_entry_guards(int for_directory);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
void remove_all_entry_guards(void);
|
||||||
|
|
||||||
void entry_guards_compute_status(const or_options_t *options, time_t now);
|
void entry_guards_compute_status(const or_options_t *options, time_t now);
|
||||||
int entry_guard_register_connect_status(const char *digest, int succeeded,
|
int entry_guard_register_connect_status(const char *digest, int succeeded,
|
||||||
int mark_relay_status, time_t now);
|
int mark_relay_status, time_t now);
|
||||||
|
|