tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit 2ee118d64c80f363c2a95514e075c709484d3a0a
parent 10c8cc5879c3c3d0b8d9e45229888aef7f9fb535
Author: Roger Dingledine <arma@torproject.org>
Date:   Thu,  7 Sep 2023 20:32:57 -0400

resolve scary vanguard-related log msgs on dir auths

After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding
this circuit." log message once per second from startup until
they made a fresh consensus. Now they look to their existing
consensus on startup, letting them build circuits properly from
the beginning.

Fixes bug 40802; bugfix on 0.4.7.1-alpha.

Diffstat:

Achanges/bug40802 | 9+++++++++


Msrc/feature/nodelist/nodelist.c | 12+++++++++---


2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/changes/bug40802 b/changes/bug40802
@@ -0,0 +1,9 @@
+  o Minor bugfixes (directory authorities):
+    - After we added layer-two vanguards, directory authorities wouldn't
+      think any of their vanguards were suitable for circuits, leading
+      to a "Failed to find node for hop #2 of our path. Discarding
+      this circuit." log message once per second from startup until
+      they made a fresh consensus. Now they look to their existing
+      consensus on startup, letting them build circuits properly from
+      the beginning. Fixes bug 40802; bugfix on 0.4.7.1-alpha.
+
diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c
@@ -761,15 +761,21 @@ nodelist_set_consensus(const networkstatus_t *ns)
     }
     node_set_country(node);
 
-    /* If we're not an authdir, believe others. */
-    if (!authdir) {
+    /* Set node's flags based on rs's flags. */
+    {
       node->is_valid = rs->is_valid;
       node->is_running = rs->is_flagged_running;
       node->is_fast = rs->is_fast;
       node->is_stable = rs->is_stable;
       node->is_possible_guard = rs->is_possible_guard;
       node->is_exit = rs->is_exit;
-      node->is_bad_exit = rs->is_bad_exit;
+      if (!authdir) {
+        /* Authdirs treat is_bad_exit specially in that they only assign
+         * it when the descriptor arrives. So when a dir auth is reading
+         * the flags from an existing consensus, don't believe the bit
+         * here, else it will get stuck 'on' forever. */
+        node->is_bad_exit = rs->is_bad_exit;
+      }
       node->is_hs_dir = rs->is_hs_dir;
       node->ipv6_preferred = 0;
       if (reachable_addr_prefer_ipv6_orport(options) &&