commit c408d0a7f97e96491d4eae1ec21043c85716abd2
parent 3ac08ac200f63e42d6c98a5487082aa7e7b3995f
Author: David Goulet <dgoulet@torproject.org>
Date: Mon, 28 Nov 2022 09:35:53 -0500
Merge branch 'tor-gitlab/mr/657'
Diffstat:
3 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/changes/ticket40705 b/changes/ticket40705
@@ -0,0 +1,7 @@
+ o Major features (dirauth):
+ - Directory authorities and relays now interact properly with
+ directory authorities if they change addresses. In the past, they
+ would continue to upload votes, signatures, descriptors, etc to
+ the hard-coded address in the configuration. Now, if the directory
+ authority is listed in the consensus at a different address, they
+ will direct queries to this new address. Implements ticket 40705.
diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c
@@ -242,7 +242,14 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
* harmless, and we may as well err on the side of getting things uploaded.
*/
SMARTLIST_FOREACH_BEGIN(dirservers, dir_server_t *, ds) {
- routerstatus_t *rs = &(ds->fake_status);
+ const routerstatus_t *rs = router_get_consensus_status_by_id(ds->digest);
+ if (!rs) {
+ /* prefer to use the address in the consensus, but fall back to
+ * the hard-coded trusted_dir_server address if we don't have a
+ * consensus or this digest isn't in our consensus. */
+ rs = &ds->fake_status;
+ }
+
size_t upload_len = payload_len;
if ((type & ds->type) == 0)
@@ -276,10 +283,8 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
}
if (purpose_needs_anonymity(dir_purpose, router_purpose, NULL)) {
indirection = DIRIND_ANONYMOUS;
- } else if (!reachable_addr_allows_dir_server(ds,
- FIREWALL_DIR_CONNECTION,
- 0)) {
- if (reachable_addr_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
+ } else if (!reachable_addr_allows_rs(rs, FIREWALL_DIR_CONNECTION, 0)) {
+ if (reachable_addr_allows_rs(rs, FIREWALL_OR_CONNECTION, 0))
indirection = DIRIND_ONEHOP;
else
indirection = DIRIND_ANONYMOUS;
@@ -590,7 +595,13 @@ directory_get_from_all_authorities(uint8_t dir_purpose,
continue;
if (!(ds->type & V3_DIRINFO))
continue;
- const routerstatus_t *rs = &ds->fake_status;
+ const routerstatus_t *rs = router_get_consensus_status_by_id(ds->digest);
+ if (!rs) {
+ /* prefer to use the address in the consensus, but fall back to
+ * the hard-coded trusted_dir_server address if we don't have a
+ * consensus or this digest isn't in our consensus. */
+ rs = &ds->fake_status;
+ }
directory_request_t *req = directory_request_new(dir_purpose);
directory_request_set_routerstatus(req, rs);
directory_request_set_router_purpose(req, router_purpose);
diff --git a/src/feature/nodelist/routerlist.c b/src/feature/nodelist/routerlist.c
@@ -2651,7 +2651,7 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
digestmap_t *map = NULL;
smartlist_t *no_longer_old = smartlist_new();
smartlist_t *downloadable = smartlist_new();
- routerstatus_t *source = NULL;
+ const routerstatus_t *source = NULL;
int authdir = authdir_mode(options);
int n_delayed=0, n_have=0, n_would_reject=0, n_wouldnt_use=0,
n_inprogress=0, n_in_oldrouters=0;
@@ -2667,10 +2667,17 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
networkstatus_voter_info_t *voter = smartlist_get(consensus->voters, 0);
tor_assert(voter);
ds = trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
- if (ds)
- source = &(ds->fake_status);
- else
+ if (ds) {
+ source = router_get_consensus_status_by_id(ds->digest);
+ if (!source) {
+ /* prefer to use the address in the consensus, but fall back to
+ * the hard-coded trusted_dir_server address if we don't have a
+ * consensus or this digest isn't in our consensus. */
+ source = &ds->fake_status;
+ }
+ } else {
log_warn(LD_DIR, "couldn't lookup source from vote?");
+ }
}
map = digestmap_new();
