r11676@Kushana: nickm | 2006-12-23 20:42:17 -0500

Add an orport option to dirserver lines so that clients can tell where to connect to open an encrypted tunnel to a dirserver even before they have its descriptor. svn:r9171
2006-12-24 02:45:27 +00:00 · 2006-12-24 02:45:27 +00:00 · 4d948281c3
parent 488b4726a7
commit 4d948281c3
7 changed files with 33 additions and 14 deletions
--- a/3
+++ b/3
@ -36,6 +36,9 @@ Changes in version 0.1.2.5-xxxx - 200?-??-??
    - Remove some options that have been deprecated since at least 0.1.0.x:
      AccountingMaxKB, LogFile, DebugLogFile, LogLevel, and SysLog.  Use
      AccountingMax instead of AccountingMaxKB; use Log to set log options.
+    - DirServer configuration lines now have an orport option so clients can
+      open encrypted tunnels to the authorities without having downloaded
+      their descriptors yet.

  o Security bugfixes:
    - Stop sending the HttpProxyAuthenticator string to directory
--- a/doc/TODO
+++ b/doc/TODO
@ -53,7 +53,7 @@ R   - and implement the rest
 R   - turn the received socks addr:port into a digest for setting .exit
    - be able to connect without having a server descriptor, to bootstrap.
 R     - handle connect-dir streams that don't have a chosen_exit_name set.
-N     - include ORPort in DirServers lines so we can know where to connect.
+      o include ORPort in DirServers lines so we can know where to connect.
        list the orport as 0 if it can't handle begin_dir.
 N     - list versions in status page
        a new line in the status entry. "Tor 0.1.2.2-alpha". If it's
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@ -108,7 +108,9 @@ for current ("v2")-style directories, unless the "no-v2" flag is given.  If the
 authority for old-style (v1) directories as well.  (Only directory mirrors
 care about this.)  Tor will use this server as an authority for hidden
 service information if the "hs" flag is set, or if the "v1" flag is set and
-the "no-hs" flag is \fBnot\fP set.
+the "no-hs" flag is \fBnot\fP set.  If a flag "orport=\fBport\fR" is given,
+Tor will consider use the given port to open encrypted tunnels to the
+dirserver.
 If no \fBdirserver\fP line is given, Tor will use the default
 directory servers.  NOTE: this option is intended
 for setting up a private Tor network with its own directory authorities.  If
--- a/src/or/config.c
+++ b/src/or/config.c
@ -3329,7 +3329,7 @@ parse_dir_server_line(const char *line, int validate_only)
  smartlist_t *items = NULL;
  int r;
  char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
-  uint16_t port;
+  uint16_t dir_port = 0, or_port = 0;
  char digest[DIGEST_LEN];
  int is_v1_authority = 0, is_hidserv_authority = 0,
    is_not_hidserv_authority = 0, is_v2_authority = 1;
@ -3359,6 +3359,12 @@ parse_dir_server_line(const char *line, int validate_only)
      is_not_hidserv_authority = 1;
    } else if (!strcasecmp(flag, "no-v2")) {
      is_v2_authority = 0;
+    } else if (!strcasecmpstart(flag, "orport=")) {
+      int ok;
+      flag += strlen("orport=");
+      or_port = tor_parse_long(flag, 10, 1, 65535, &ok, NULL);
+      if (!ok)
+        log_warn(LD_CONFIG, "Invalid orport '%s' on DirServer line.", flag);
    } else {
      log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirServer line",
               flag);
@ -3375,11 +3381,11 @@ parse_dir_server_line(const char *line, int validate_only)
    goto err;
  }
  addrport = smartlist_get(items, 0);
-  if (parse_addr_port(LOG_WARN, addrport, &address, NULL, &port)<0) {
+  if (parse_addr_port(LOG_WARN, addrport, &address, NULL, &dir_port)<0) {
    log_warn(LD_CONFIG, "Error parsing DirServer address '%s'", addrport);
    goto err;
  }
-  if (!port) {
+  if (!dir_port) {
    log_warn(LD_CONFIG, "Missing port in DirServer address '%s'",addrport);
    goto err;
  }
@ -3396,9 +3402,11 @@ parse_dir_server_line(const char *line, int validate_only)
  }

  if (!validate_only) {
-    log_debug(LD_DIR, "Trusted dirserver at %s:%d (%s)", address, (int)port,
+    log_debug(LD_DIR, "Trusted dirserver at %s:%d (%s)", address,
+              (int)dir_port,
              (char*)smartlist_get(items,1));
-    add_trusted_dir_server(nickname, address, port, digest, is_v1_authority,
+    add_trusted_dir_server(nickname, address, dir_port, or_port, digest,
+                           is_v1_authority,
                           is_v2_authority, is_hidserv_authority);

  }
--- a/src/or/or.h
+++ b/src/or/or.h
@ -2661,6 +2661,7 @@ typedef struct trusted_dir_server_t {
  char *address; /**< Hostname */
  uint32_t addr; /**< IPv4 address */
  uint16_t dir_port; /**< Directory port */
+  uint16_t or_port; /**< OR port: Used for tunneling connections */
  char digest[DIGEST_LEN]; /**< Digest of identity key */
  unsigned int is_running:1; /**< True iff we think this server is running. */
  /** True iff this server is an authority for the older ("v1") directory
@ -2759,8 +2760,8 @@ int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
                                          int need_uptime);
 int router_exit_policy_rejects_all(routerinfo_t *router);

-void add_trusted_dir_server(const char *nickname,
-                            const char *address, uint16_t port,
+void add_trusted_dir_server(const char *nickname, const char *address,
+                            uint16_t dir_port, uint16_t or_port,
                            const char *digest, int is_v1_authority,
                            int is_v2_authority, int is_hidserv_authority);
 void clear_trusted_dir_servers(void);
--- a/src/or/router.c
+++ b/src/or/router.c
@ -377,7 +377,9 @@ init_keys(void)
  crypto_pk_get_digest(get_identity_key(), digest);
  if (!router_digest_is_trusted_dir(digest)) {
    add_trusted_dir_server(options->Nickname, NULL,
-                           (uint16_t)options->DirPort, digest,
+                           (uint16_t)options->DirPort,
+                           (uint16_t)options->ORPort,
+                           digest,
                           options->V1AuthoritativeDir, /* v1 authority */
                           1, /* v2 authority */
                           options->HSAuthoritativeDir /*hidserv authority*/);
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -2819,7 +2819,8 @@ router_exit_policy_rejects_all(routerinfo_t *router)
 * <b>address</b> is NULL, add ourself. */
 void
 add_trusted_dir_server(const char *nickname, const char *address,
-                       uint16_t port, const char *digest, int is_v1_authority,
+                       uint16_t dir_port, uint16_t or_port,
+                       const char *digest, int is_v1_authority,
                       int is_v2_authority, int is_hidserv_authority)
 {
  trusted_dir_server_t *ent;
@ -2851,7 +2852,8 @@ add_trusted_dir_server(const char *nickname, const char *address,
  ent->nickname = nickname ? tor_strdup(nickname) : NULL;
  ent->address = hostname;
  ent->addr = a;
-  ent->dir_port = port;
+  ent->dir_port = dir_port;
+  ent->or_port = or_port;
  ent->is_running = 1;
  ent->is_v1_authority = is_v1_authority;
  ent->is_v2_authority = is_v2_authority;
@ -2862,10 +2864,10 @@ add_trusted_dir_server(const char *nickname, const char *address,
  ent->description = tor_malloc(dlen);
  if (nickname)
    tor_snprintf(ent->description, dlen, "directory server \"%s\" at %s:%d",
-                 nickname, hostname, (int)port);
+                 nickname, hostname, (int)dir_port);
  else
    tor_snprintf(ent->description, dlen, "directory server at %s:%d",
-                 hostname, (int)port);
+                 hostname, (int)dir_port);

  ent->fake_status.addr = ent->addr;
  memcpy(ent->fake_status.identity_digest, digest, DIGEST_LEN);
@ -2875,6 +2877,7 @@ add_trusted_dir_server(const char *nickname, const char *address,
  else
    ent->fake_status.nickname[0] = '\0';
  ent->fake_status.dir_port = ent->dir_port;
+  ent->fake_status.or_port = ent->or_port;

  smartlist_add(trusted_dir_servers, ent);
  router_dir_info_changed();