still publish your descriptor if orport is reachable but dirport isn't

when building testing circs for orport testing, require high-bandwidth
nodes, so fewer circs fail. complain about unreachable orport separately
from unreachable dirport.


svn:r3935

src/or/circuitbuild.c

@@ -467,7 +467,7 @@ int circuit_send_next_onion_skin(circuit_t *circ) {
         has_completed_circuit=1;
         log_fn(LOG_NOTICE,"Tor has successfully opened a circuit. Looks like it's working.");
         /* XXX009 Log a count of known routers here */
-        if (server_mode(options) && !check_whether_ports_reachable())
+        if (server_mode(options) && !check_whether_orport_reachable())
           log_fn(LOG_NOTICE,"Now checking whether ORPort %s %s reachable... (this may take several minutes)",
                  options->DirPort ? "and DirPort" : "",
                  options->DirPort ? "are" : "is");

src/or/circuituse.c

@@ -562,7 +562,7 @@ circuit_testing_failed(circuit_t *circ, int at_last_hop) {
   routerinfo_t *me = router_get_my_routerinfo();
 
   if (!at_last_hop)
-    circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, 0, 0, 1);
+    circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, 0, 1, 1);
   else
     log_fn(LOG_INFO,"Our testing circuit (to see if your ORPort is reachable) has failed. I'll try again later.");
 }

src/or/main.c

@@ -813,14 +813,17 @@ static void second_elapsed_callback(int fd, short event, void *args)
 
   if (server_mode(options) &&
       !we_are_hibernating() &&
-      !check_whether_ports_reachable() &&
       stats_n_seconds_working / TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT !=
       (stats_n_seconds_working+seconds_elapsed) /
         TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
     /* every 20 minutes, check and complain if necessary */
     routerinfo_t *me = router_get_my_routerinfo();
-    log_fn(LOG_WARN,"Your server (%s:%d) has not managed to confirm that it is reachable. Please check your firewalls, ports, address, etc.",
-           me ? me->address : options->Address, options->ORPort);
+    if (!check_whether_orport_reachable())
+      log_fn(LOG_WARN,"Your server (%s:%d) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, etc.",
+             me ? me->address : options->Address, options->ORPort);
+    if (!check_whether_dirport_reachable())
+      log_fn(LOG_WARN,"Your server (%s:%d) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, etc.",
+             me ? me->address : options->Address, options->DirPort);
   }
 
   /* if more than 10s have elapsed, probably the clock jumped: doesn't count. */

src/or/or.h

@@ -1711,7 +1711,8 @@ void rotate_onion_key(void);
 crypto_pk_env_t *init_key_from_file(const char *fname);
 int init_keys(void);
 
-int check_whether_ports_reachable(void);
+int check_whether_orport_reachable(void);
+int check_whether_dirport_reachable(void);
 void consider_testing_reachability(void);
 void router_orport_found_reachable(void);
 void router_dirport_found_reachable(void);

src/or/router.c

@@ -381,13 +381,13 @@ static int can_reach_or_port = 0;
 /** Whether we can reach our DirPort from the outside. */
 static int can_reach_dir_port = 0;
 
-/** Return 1 if all open ports are known reachable; else return 0. */
-int check_whether_ports_reachable(void) {
-  if (!can_reach_or_port)
-    return 0;
-  if (get_options()->DirPort && !can_reach_dir_port)
-    return 0;
-  return 1;
+/** Return 1 if or port is known reachable; else return 0. */
+int check_whether_orport_reachable(void) {
+  return can_reach_or_port;
+}
+/** Return 1 if we don't have a dirport configured, or if it's reachable. */
+int check_whether_dirport_reachable(void) {
+  return !get_options()->DirPort || can_reach_dir_port;
 }
 
 void consider_testing_reachability(void) {
@@ -397,11 +397,11 @@ void consider_testing_reachability(void) {
     return;
   }
 
-  if (!can_reach_or_port) {
-    circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, 0, 0, 1);
+  if (!check_whether_orport_reachable()) {
+    circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, 0, 1, 1);
   }
 
-  if (!can_reach_dir_port && me->dir_port) {
+  if (!check_whether_dirport_reachable()) {
     if (me) {
       directory_initiate_command_router(me, DIR_PURPOSE_FETCH_DIR, 1, NULL, NULL, 0);
     } else {
@@ -410,17 +410,11 @@ void consider_testing_reachability(void) {
   }
 }
 
-static void ports_now_reachable(void) {
-  log_fn(LOG_NOTICE,"Your server is reachable. Publishing server descriptor.");
-}
-
 /** Annotate that we found our ORPort reachable. */
 void router_orport_found_reachable(void) {
   if (!can_reach_or_port) {
-    log_fn(LOG_NOTICE,"Your ORPort is reachable from the outside. Excellent.");
+    log_fn(LOG_NOTICE,"Your ORPort is reachable from the outside. Excellent. Publishing server descriptor.");
     can_reach_or_port = 1;
-    if (check_whether_ports_reachable())
-      ports_now_reachable();
   }
 }
 
@@ -429,8 +423,6 @@ void router_dirport_found_reachable(void) {
   if (!can_reach_dir_port) {
     log_fn(LOG_NOTICE,"Your DirPort is reachable from the outside. Excellent.");
     can_reach_dir_port = 1;
-    if (check_whether_ports_reachable())
-      ports_now_reachable();
   }
 }
 
@@ -495,7 +487,7 @@ static int decide_if_publishable_server(time_t now) {
   if (options->AuthoritativeDir)
     return 1;
 
-  return check_whether_ports_reachable();
+  return check_whether_orport_reachable();
 }
 
 void consider_publishable_server(time_t now, int force) {
@@ -687,7 +679,8 @@ int router_rebuild_descriptor(int force) {
   ri->nickname = tor_strdup(options->Nickname);
   ri->addr = addr;
   ri->or_port = options->ORPort;
-  ri->dir_port = hibernating ? 0 : options->DirPort;
+  ri->dir_port = (hibernating || !check_whether_dirport_reachable()) ?
+                 0 : options->DirPort;
   ri->published_on = time(NULL);
   ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from main thread */
   ri->identity_pkey = crypto_pk_dup_key(get_identity_key());