commit 03894bfa338435b9198a4ea4cf827d156cef59b1
parent 4dc2fd581184a5010b689fe598a769f6cd66c46f
Author: Mike Perry <mikeperry-git@torproject.org>
Date: Thu, 13 Mar 2025 20:00:03 +0000
Provide dirauth ability to strip specific flags.
Diffstat:
4 files changed, 41 insertions(+), 0 deletions(-)
diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c
@@ -228,6 +228,12 @@ dirserv_load_fingerprint_file(void)
add_status = RTR_INVALID;
} else if (!strcasecmp(nickname, "!middleonly")) {
add_status = RTR_MIDDLEONLY;
+ } else if (!strcasecmp(nickname, "!stripexit")) {
+ add_status = RTR_STRIPGUARD;
+ } else if (!strcasecmp(nickname, "!striphsdir")) {
+ add_status = RTR_STRIPHSDIR;
+ } else if (!strcasecmp(nickname, "!stripv2dir")) {
+ add_status = RTR_STRIPV2DIR;
}
/* Check if fingerprint is RSA or ed25519 by verifying it. */
@@ -627,6 +633,9 @@ dirserv_set_node_flags_from_authoritative_status(node_t *node,
node->is_valid = (authstatus & RTR_INVALID) ? 0 : 1;
node->is_bad_exit = (authstatus & RTR_BADEXIT) ? 1 : 0;
node->is_middle_only = (authstatus & RTR_MIDDLEONLY) ? 1 : 0;
+ node->strip_guard = (authstatus & RTR_STRIPGUARD) ? 1 : 0;
+ node->strip_hsdir = (authstatus & RTR_STRIPHSDIR) ? 1 : 0;
+ node->strip_v2dir = (authstatus & RTR_STRIPV2DIR) ? 1 : 0;
}
/** True iff <b>a</b> is more severe than <b>b</b>. */
@@ -965,6 +974,21 @@ directory_remove_invalid(void)
(r & RTR_MIDDLEONLY) ? "" : "not");
node->is_middle_only = (r&RTR_MIDDLEONLY) ? 1: 0;
}
+ if (bool_neq((r & RTR_STRIPGUARD), node->strip_guard)) {
+ log_info(LD_DIRSERV, "Router '%s' is now %s guard", description,
+ (r & RTR_STRIPGUARD) ? "stripped of" : "not");
+ node->strip_guard = (r&RTR_STRIPGUARD) ? 1: 0;
+ }
+ if (bool_neq((r & RTR_STRIPHSDIR), node->strip_hsdir)) {
+ log_info(LD_DIRSERV, "Router '%s' is now %s hidden service directory",
+ description, (r & RTR_STRIPHSDIR) ? "stripped of" : "not");
+ node->strip_hsdir = (r&RTR_STRIPHSDIR) ? 1: 0;
+ }
+ if (bool_neq((r & RTR_STRIPV2DIR), node->strip_v2dir)) {
+ log_info(LD_DIRSERV, "Router '%s' is now %s v2 directory",
+ description, (r & RTR_STRIPV2DIR) ? "stripped of" : "not");
+ node->strip_v2dir = (r&RTR_STRIPV2DIR) ? 1: 0;
+ }
} SMARTLIST_FOREACH_END(node);
routerlist_assert_ok(rl);
diff --git a/src/feature/dirauth/process_descs.h b/src/feature/dirauth/process_descs.h
@@ -47,6 +47,9 @@ typedef struct authdir_config_t {
#define RTR_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */
/** We'll vote to only use this router as a midpoint. */
#define RTR_MIDDLEONLY 32
+#define RTR_STRIPGUARD 64
+#define RTR_STRIPHSDIR 128
+#define RTR_STRIPV2DIR 256
#endif /* defined(PROCESS_DESCS_PRIVATE) || defined(TOR_UNIT_TESTS) */
diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c
@@ -625,6 +625,17 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs,
rs->is_exit = rs->is_possible_guard = rs->is_hs_dir = rs->is_v2_dir = 0;
}
+ /* Strip rs flags based on node flags. */
+ if (node->strip_guard) {
+ rs->is_possible_guard = 0;
+ }
+ if (node->strip_hsdir) {
+ rs->is_hs_dir = 0;
+ }
+ if (node->strip_v2dir) {
+ rs->is_v2_dir = 0;
+ }
+
/* Set rs->is_staledesc. */
rs->is_staledesc =
(ri->cache_info.published_on + DESC_IS_STALE_INTERVAL) < now;
diff --git a/src/feature/nodelist/node_st.h b/src/feature/nodelist/node_st.h
@@ -74,6 +74,9 @@ struct node_t {
unsigned int is_middle_only:1;
unsigned int is_hs_dir:1; /**< True iff this router is a hidden service
* directory according to the authorities. */
+ unsigned int strip_guard:1; /**< True iff we should strip the Guard flag. */
+ unsigned int strip_hsdir:1; /**< True iff we should strip the HSDir flag. */
+ unsigned int strip_v2dir:1; /**< True iff we should strip the V2Dir flag. */
/* Local info: warning state. */
