tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit b66b62fb7525cac1e18385e130249ce24f5c9fea
parent 28d4355a6ebe69c84d0ae31d7a0763f0a17f0151
Author: teor <teor2345@gmail.com>
Date:   Sat,  2 Dec 2017 23:03:50 +1100

Stop waiting for microdescs if the consensus supports IPv6 ORPorts

Also make IPv6-only clients wait for microdescs for relays, even if we were
previously using descriptors (or were using them as a bridge) and have
a cached descriptor for them.

But if node_is_a_configured_bridge(), stop waiting for its IPv6 address in
a microdescriptor, because we'll never use it.

Implements #23827.

Diffstat:

Achanges/bug23827 | 8++++++++


Msrc/or/policies.c | 31++++++++++++++++++++++++-------


2 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/changes/bug23827 b/changes/bug23827
@@ -0,0 +1,8 @@
+  o Minor feature (IPv6):
+    - When a consensus has IPv6 ORPorts, make IPv6-only clients use them,
+      rather than waiting to download microdescriptors.
+      Implements #23827.
+    - Make IPv6-only clients wait for microdescs for relays, even if we were
+      previously using descriptors (or were using them as a bridge) and have
+      a cached descriptor for them.
+      Implements #23827.
diff --git a/src/or/policies.c b/src/or/policies.c
@@ -18,6 +18,7 @@
 #define POLICIES_PRIVATE
 
 #include "or.h"
+#include "bridges.h"
 #include "config.h"
 #include "dirserv.h"
 #include "microdesc.h"
@@ -893,9 +894,10 @@ fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr,
                                               pref_ipv6, ap);
 }
 
-/* The microdescriptor consensus has no IPv6 addresses in rs: they are in
- * the microdescriptors. This means we can't rely on the node's IPv6 address
- * until its microdescriptor is available (when using microdescs).
+/* Some microdescriptor consensus methods have no IPv6 addresses in rs: they
+ * are in the microdescriptors. For these consensus methods, we can't rely on
+ * the node's IPv6 address until its microdescriptor is available (when using
+ * microdescs).
  * But for bridges, rewrite_node_address_for_bridge() updates node->ri with
  * the configured address, so we can trust bridge addresses.
  * (Bridges could gain an IPv6 address if their microdescriptor arrives, but
@@ -913,11 +915,26 @@ node_awaiting_ipv6(const or_options_t* options, const node_t *node)
     return 0;
   }
 
+  /* If the node has an IPv6 address, we're not waiting */
+  if (node_has_ipv6_addr(node)) {
+    return 0;
+  }
+
+  /* If the current consensus method and flavour has IPv6 addresses, we're not
+   * waiting */
+  if (networkstatus_consensus_has_ipv6(options)) {
+    return 0;
+  }
+
+  /* Bridge clients never use the address from a bridge's md, so there's no
+   * need to wait for it. */
+  if (node_is_a_configured_bridge(node)) {
+    return 0;
+  }
+
   /* We are waiting if we_use_microdescriptors_for_circuits() and we have no
-   * md. Bridges have a ri based on their config. They would never use the
-   * address from their md, so there's no need to wait for it. */
-  return (!node->md && we_use_microdescriptors_for_circuits(options) &&
-          !node->ri);
+   * md. */
+  return (!node->md && we_use_microdescriptors_for_circuits(options));
 }
 
 /** Like fascist_firewall_choose_address_base(), but takes <b>rs</b>.