[or-cvs] r12305: Learn new addresses for authorities from their certificates. (in tor/trunk: . doc src/or)
nickm at seul.org
Thu Nov 1 04:14:25 UTC 2007
Author: nickm
Date: 2007-11-01 00:14:23 -0400 (Thu, 01 Nov 2007)
New Revision: 12305
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/doc/TODO
tor/trunk/src/or/config.c
tor/trunk/src/or/or.h
tor/trunk/src/or/routerlist.c
Log:
r16320 at catbus: nickm | 2007-11-01 00:11:20 -0400
Learn new addresses for authorities from their certificates.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r16320] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-11-01 03:56:17 UTC (rev 12304)
+++ tor/trunk/ChangeLog 2007-11-01 04:14:23 UTC (rev 12305)
@@ -37,6 +37,8 @@
- When we receive a consensus from the future, warn about skew.
- Improve skew reporting: try to give the user a better log message about
how skewed they are, and how much this matters.
+ - When we have a certificate for an authority, believe that certificate's
+ claims about the authority's IP address.
o Minor features (controller):
- When reporting clock skew, and we only have a lower bound on the amount
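Review bot: The added ChangeLog entry does not name the option that controls this behaviour. config.c in this same commit adds LearnAuthorityAddrFromCerts with a default of "1", so the entry should say that the behaviour is on by default and can be turned off with that option, since it changes which address a client contacts for an authority.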
Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO 2007-11-01 03:56:17 UTC (rev 12304)
+++ tor/trunk/doc/TODO 2007-11-01 04:14:23 UTC (rev 12305)
@@ -68,8 +68,8 @@
in the future, then log about skew.
o should change the "skew complaint" to specify in largest units
rather than just seconds.
- - Learn new authority IPs from consensus/certs.
- - karsten's patches
+ o Learn new authority IPs from consensus/certs.
+ o karsten's patches
- Before the feature freeze: (Roger)
- Make tunnelled dir conns use begin_dir if enabled
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2007-11-01 03:56:17 UTC (rev 12304)
+++ tor/trunk/src/or/config.c 2007-11-01 04:14:23 UTC (rev 12305)
@@ -202,6 +202,7 @@
V(HttpsProxyAuthenticator, STRING, NULL),
OBSOLETE("IgnoreVersion"),
V(KeepalivePeriod, INTERVAL, "5 minutes"),
+ V(LearnAuthorityAddrFromCerts, BOOL, "1"),
VAR("Log", LINELIST, Logs, NULL),
OBSOLETE("LinkPadding"),
OBSOLETE("LogLevel"),
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2007-11-01 03:56:17 UTC (rev 12304)
+++ tor/trunk/src/or/or.h 2007-11-01 04:14:23 UTC (rev 12305)
@@ -2228,6 +2228,10 @@
/** DOCDOC here and in tor.1 */
char *FallbackNetworkstatusFile;
+
+ /** DOCDOC here and in tor.1 */
+ int LearnAuthorityAddrFromCerts;
+
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
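Review bot: The comment on the new LearnAuthorityAddrFromCerts field is still the "DOCDOC here and in tor.1" placeholder, and the list of modified files contains no man page. Replace it with a real description before this ships: that it is a boolean, that it defaults to 1, and that when set the address and dir port in a more recently published authority certificate replace the ones the client already holds.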
@@ -3649,6 +3653,8 @@
* latest certificate. */
download_status_t v2_ns_dl_status; /**< Status of downloading this server's
* v2 network status. */
+ time_t addr_current_at; /**< When was the document that we derived the
+ * address information from published? */
routerstatus_t fake_status; /**< Used when we need to pass this trusted
* dir_server_t to directory_initiate_command_*
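Review bot: Nothing in this patch sets addr_current_at when a trusted_dir_server_t is first created, so the comment on the new field should state its initial value and what that means. If it starts at zero, the first certificate that carries an address will always satisfy published_on > ds->addr_current_at and override the configured address; say whether that is intended, and whether the value is meant to survive a restart.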
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2007-11-01 03:56:17 UTC (rev 12304)
+++ tor/trunk/src/or/routerlist.c 2007-11-01 04:14:23 UTC (rev 12305)
@@ -108,6 +108,7 @@
{
trusted_dir_server_t *ds;
const char *s, *eos;
+ or_options_t *options = get_options();
for (s = contents; *s; s = eos) {
authority_cert_t *cert = authority_cert_parse_from_string(s, &eos);
@@ -141,6 +142,22 @@
continue;
smartlist_add(ds->v3_certs, cert);
+ if (options->LearnAuthorityAddrFromCerts &&
+ cert->cache_info.published_on > ds->addr_current_at) {
+ if (cert->addr && cert->dir_port &&
+ (ds->addr != cert->addr ||
+ ds->dir_port != cert->dir_port)) {
+ char *a = tor_dup_addr(cert->addr);
+ log_notice(LD_DIR, "Updating address for directory authority %s "
+ "from %s:%d to %s:%d based on in certificate.",
+ ds->nickname, ds->address, (int)ds->dir_port,
+ a, cert->dir_port);
+ tor_free(a);
+ ds->addr = cert->addr;
+ ds->dir_port = cert->dir_port;
+ }
+ ds->addr_current_at = cert->cache_info.published_on;
+ }
if (!from_store)
trusted_dir_servers_certs_changed = 1;
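Review bot: In the block after the log_notice call, only ds->addr and ds->dir_port are assigned; ds->address, the string this same message prints as the old address, is left unchanged, and fake_status (described in or.h as what is passed to directory_initiate_command_*) is not touched either. Update ds->address here and refresh any address or port copied into fake_status, otherwise later log lines and requests built from those fields can still refer to the old location. The message text "based on in certificate" also has a stray word.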