mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 10:12:15 +01:00
Code Issues Projects Releases Wiki Activity

r14892@Kushana: nickm | 2007-10-11 14:00:33 -0400

Browse Source 
Fix a bunch of XXX020s: treat some 403s as INFO severity; remove some dead code; share the retry path for consensus routerdescs that are also listed in the v2 networkstatus; check even more aspects of votes when parsing them.


svn:r11871
This commit is contained in:
Nick Mathewson 2007-10-11 18:01:12 +00:00
parent 007d76543d
commit ff2820c1ba
5 changed files with 40 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -27,6 +27,7 @@ Changes in version 0.2.0.8-alpha - 2007-10-12
documents. documents.
- All hosts now attempt to download and keep fresh v3 authority - All hosts now attempt to download and keep fresh v3 authority
certificates, and re-attempt after failures. certificates, and re-attempt after failures.
- More internal-consistency checks for vote parsing.
o Major bugfixes (performance): o Major bugfixes (performance):
- Fix really bad O(n^2) performance when parsing a long list of - Fix really bad O(n^2) performance when parsing a long list of
@ -78,6 +79,10 @@ Changes in version 0.2.0.8-alpha - 2007-10-12
- On some platforms, accept() can return a broken address. Detect - On some platforms, accept() can return a broken address. Detect
this more quietly, and deal accordingly. (Fixes bug 483.) this more quietly, and deal accordingly. (Fixes bug 483.)
o Minor bugfixes (usability):
- Treat some 403 responses from directory servers as INFO rather than
WARN-severity events.
o Minor bugfixes (DNS): o Minor bugfixes (DNS):
- It's not actually an error to find a non-pending entry in the DNS - It's not actually an error to find a non-pending entry in the DNS
cache when canceling a pending resolve. Don't log unless stuff cache when canceling a pending resolve. Don't log unless stuff

10
src/or/directory.c
View File

@ -400,7 +400,6 @@ directory_get_from_all_authorities(uint8_t dir_purpose,
if (!(ds->type & V3_AUTHORITY)) if (!(ds->type & V3_AUTHORITY))
continue; continue;
rs = &ds->fake_status; rs = &ds->fake_status;
/* XXXX020 should this ever tunnel via tor? */
directory_initiate_command_routerstatus(rs, dir_purpose, router_purpose, directory_initiate_command_routerstatus(rs, dir_purpose, router_purpose,
0, resource, NULL, 0); 0, resource, NULL, 0);
}); });
@ -1343,8 +1342,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
log_info(LD_DIR,"Received networkstatus objects (size %d) from server " log_info(LD_DIR,"Received networkstatus objects (size %d) from server "
"'%s:%d'",(int) body_len, conn->_base.address, conn->_base.port); "'%s:%d'",(int) body_len, conn->_base.address, conn->_base.port);
if (status_code != 200) { if (status_code != 200) {
/* XXXX020 This warning tends to freak out clients who get a 403. */ int dir_okay = status_code == 403;
log_warn(LD_DIR, log_fn(dir_okay ? LOG_INFO : LOG_WARN, LD_DIR,
"Received http status code %d (%s) from server " "Received http status code %d (%s) from server "
"'%s:%d' while fetching \"/tor/status/%s\". I'll try again soon.", "'%s:%d' while fetching \"/tor/status/%s\". I'll try again soon.",
status_code, escaped(reason), conn->_base.address, status_code, escaped(reason), conn->_base.address,
@ -1372,7 +1371,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
smartlist_add(which, hex); smartlist_add(which, hex);
}); });
} else { } else {
/* Can we even end up here? -- weasel*/ /* XXXX Can we even end up here? -- weasel*/
source = NS_FROM_DIR_BY_FP; source = NS_FROM_DIR_BY_FP;
log_warn(LD_BUG, "We received a networkstatus but we didn't ask " log_warn(LD_BUG, "We received a networkstatus but we didn't ask "
"for it by fp, nor did we ask for all."); "for it by fp, nor did we ask for all.");
@ -1506,11 +1505,10 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
n_asked_for = smartlist_len(which); n_asked_for = smartlist_len(which);
} }
if (status_code != 200) { if (status_code != 200) {
int dir_okay = status_code == 404 || int dir_okay = status_code == 404 || status_code == 403 ||
(status_code == 400 && !strcmp(reason, "Servers unavailable.")); (status_code == 400 && !strcmp(reason, "Servers unavailable."));
/* 404 means that it didn't have them; no big deal. /* 404 means that it didn't have them; no big deal.
* Older (pre-0.1.1.8) servers said 400 Servers unavailable instead. */ * Older (pre-0.1.1.8) servers said 400 Servers unavailable instead. */
/* XXXX020 This warning tends to freak out clients who get a 403. */
log_fn(dir_okay ? LOG_INFO : LOG_WARN, LD_DIR, log_fn(dir_okay ? LOG_INFO : LOG_WARN, LD_DIR,
"Received http status code %d (%s) from server '%s:%d' " "Received http status code %d (%s) from server '%s:%d' "
"while fetching \"/tor/server/%s\". I'll try again soon.", "while fetching \"/tor/server/%s\". I'll try again soon.",

8
src/or/dirvote.c
View File

@ -325,14 +325,6 @@ networkstatus_compute_consensus(smartlist_t *votes,
vote_seconds = median_int(votesec_list, n_votes); vote_seconds = median_int(votesec_list, n_votes);
dist_seconds = median_int(distsec_list, n_votes); dist_seconds = median_int(distsec_list, n_votes);
/*
SMARTLIST_FOREACH(va_times, int*, i,
printf("VA: %d\n", *i));
SMARTLIST_FOREACH(fu_times, int*, i,
printf("FU: %d\n", *i));
printf("%d..%d\n", (int)valid_after, (int)valid_until);
*/
tor_assert(valid_after+MIN_VOTE_INTERVAL <= fresh_until); tor_assert(valid_after+MIN_VOTE_INTERVAL <= fresh_until);
tor_assert(fresh_until+MIN_VOTE_INTERVAL <= valid_until); tor_assert(fresh_until+MIN_VOTE_INTERVAL <= valid_until);
tor_assert(vote_seconds >= MIN_VOTE_SECONDS); tor_assert(vote_seconds >= MIN_VOTE_SECONDS);

14
src/or/routerlist.c
View File

@ -3826,10 +3826,20 @@ update_consensus_router_descriptor_downloads(time_t now)
list_pending_descriptor_downloads(map, 0); list_pending_descriptor_downloads(map, 0);
SMARTLIST_FOREACH(consensus->routerstatus_list, routerstatus_t *, rs, SMARTLIST_FOREACH(consensus->routerstatus_list, routerstatus_t *, rs,
{ {
/* ????020 need-to-mirror? */ routerstatus_t *lrs;
/* XXXX rate-limit retries. */
if (router_get_by_descriptor_digest(rs->descriptor_digest)) if (router_get_by_descriptor_digest(rs->descriptor_digest))
continue; /* We have it already. */ continue; /* We have it already. */
/* XXXX020 change this once the real consensus is the canonical place
* to go for router information. */
lrs = router_get_combined_status_by_digest(rs->identity_digest);
if (!lrs ||
memcmp(lrs->descriptor_digest, rs->descriptor_digest, DIGEST_LEN))
lrs = rs;
if (!download_status_is_ready(&lrs->dl_status, now,
MAX_ROUTERDESC_DOWNLOAD_FAILURES))
continue;
if (authdir && dirserv_would_reject_router(rs)) if (authdir && dirserv_would_reject_router(rs))
continue; /* We would throw it out immediately. */ continue; /* We would throw it out immediately. */
if (!dirserver && !client_would_use_router(rs, now, options)) if (!dirserver && !client_would_use_router(rs, now, options))

28
src/or/routerparse.c
View File

@ -1903,7 +1903,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
directory_token_t *tok; directory_token_t *tok;
int ok; int ok;
struct in_addr in; struct in_addr in;
int i, inorder; int i, inorder, n_signatures = 0;
if (router_get_networkstatus_v3_hash(s, ns_digest)) { if (router_get_networkstatus_v3_hash(s, ns_digest)) {
log_warn(LD_DIR, "Unable to compute digest of network-status"); log_warn(LD_DIR, "Unable to compute digest of network-status");
@ -2040,6 +2040,11 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
"network-status vote.", escaped(tok->args[1])); "network-status vote.", escaped(tok->args[1]));
goto err; goto err;
} }
if (is_vote && memcmp(ns->cert->cache_info.identity_digest,
voter->identity_digest, DIGEST_LEN)) {
log_warn(LD_DIR,"Mismatch between identities in certificate and vote");
goto err;
}
voter->address = tor_strdup(tok->args[2]); voter->address = tor_strdup(tok->args[2]);
if (!tor_inet_aton(tok->args[3], &in)) { if (!tor_inet_aton(tok->args[3], &in)) {
log_warn(LD_DIR, "Error decoding IP address %s in network-status.", log_warn(LD_DIR, "Error decoding IP address %s in network-status.",
@ -2174,13 +2179,13 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
goto err; goto err;
} }
if (is_vote && if (is_vote) {
memcmp(declared_identity, ns->cert->cache_info.identity_digest, if (memcmp(declared_identity, ns->cert->cache_info.identity_digest,
DIGEST_LEN)) { DIGEST_LEN)) {
log_warn(LD_DIR, "Digest mismatch between declared and actual on " log_warn(LD_DIR, "Digest mismatch between declared and actual on "
"network-status vote."); "network-status vote.");
goto err; goto err;
/* XXXX020 also check cert against dir-source line. */ }
} }
if (is_vote) { if (is_vote) {
@ -2192,8 +2197,13 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
v->signature = tor_memdup(tok->object_body, tok->object_size); v->signature = tor_memdup(tok->object_body, tok->object_size);
v->signature_len = tok->object_size; v->signature_len = tok->object_size;
} }
++n_signatures;
}); });
/* XXXX020 enforce: vote must have at least one signature. */
if (! n_signatures) {
log_warn(LD_DIR, "No signatures on networkstatus vote.");
goto err;
}
/* XXXX020 check dates for plausibility. ??? */ /* XXXX020 check dates for plausibility. ??? */