New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ticket33072 043 01 #1698
Ticket33072 043 01 #1698
Conversation
Pull Request Test Coverage Report for Build 7928
💛 - Coveralls |
That function is only used to test the global bucket write limit for a directory connection. It should _not_ be used for anything else since that function looks to see if we are a directory authority. Rename it to something more meaningful. No change in behavior at this commit, only renaming. Part of #33029 Signed-off-by: David Goulet <dgoulet@torproject.org>
…_low() Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
We separate v4 and v6 because we often use an IPv4 address represented with a uint32_t instead of a tor_addr_t. This will be used to also add the trusted directory addresses taken from the configuration. The trusted directories from the consensus are already added to the address set from their descriptor. Signed-off-by: David Goulet <dgoulet@torproject.org>
The configured, within the torrc or hardcoded, directory authorities addresses are now added to the nodelist address set. Signed-off-by: David Goulet <dgoulet@torproject.org>
Authorities were never sending back 503 error code because by design they should be able to always answer directory requests regardless of bandwidth capacity. However, that recently backfired because of a large number of requests from unknown source using the DirPort that are _not_ getting their 503 code which overloaded the DirPort leading to the authority to be unable to answer to its fellow authorities. This is not a complete solution to the problem but it will help ease off the load on the authority side by sending back 503 codes *unless* the connection is from a known relay or an authority. Fixes #33029 Signed-off-by: David Goulet <dgoulet@torproject.org>
This controls the previous feature added that makes dirauth send back a 503 error code on non relay connections if under bandwidth pressure. Signed-off-by: David Goulet <dgoulet@torproject.org>
Part of #33029 Signed-off-by: David Goulet <dgoulet@torproject.org>
Fixes #33072 Signed-off-by: David Goulet <dgoulet@torproject.org>
9c7327a
to
f8e633a
Compare
src/core/mainloop/connection.c
Outdated
@@ -3277,8 +3277,11 @@ connection_bucket_write_limit(connection_t *conn, time_t now) | |||
* shouldn't send <b>attempt</b> bytes of low-priority directory stuff | |||
* out to <b>conn</b>. | |||
* | |||
* If we are a directory authority, always answer dir requests thus true is | |||
* always returned. | |||
* If we are are a directory authority, true is returned (indicating that we |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are are
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
* If we are a directory authority, always answer dir requests thus true is | ||
* always returned. | ||
* If we are are a directory authority, true is returned (indicating that we | ||
* should answer the request) if one of these conditions is met: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Careful -- 'true' indicates that we should not answer the request. This is part of the confusion we have from calling our option RejectUnderLoad and then having this function check if we're too loaded. It's hard to count the right number of negatives. Maybe we'll be happier long-term having the function be called "have-enough-room-to-answer" and inverting everything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, s/true/false/g in that sentence. Fixed.
This also adds the support for the option meaning, if set, every uncompressed directory requests will be served by the dirauth with a 503 error code. Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
No description provided.