New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags

"option to prevent guard,exit,hsdir flag assignment"

"A node will never receive the corresponding flag unless
that node is specified in the
TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
its uptime, bandwidth, exit policy, or DirPort".

Patch modified by "teor": VoteOnHidServDirectoriesV2
is now obsolete, so TestingDirAuthVoteHSDir always
votes on HSDirs.

Closes ticket 14882. Patch by "robgjansen".
Commit message and changes file by "teor"
with quotes from "robgjansen".

changes/feature14882-TestingDirAuthVoteIsStrict

@@ -0,0 +1,18 @@
+  o Minor features (testing, authorities):
+    - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags.
+      "A node will never receive the corresponding flag unless
+       that node is specified in the
+       TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
+       its uptime, bandwidth, exit policy, or DirPort".
+      Closes ticket 14882. Patch by "robgjansen", modified by
+      "teor" as VoteOnHidServDirectoriesV2 is now obsolete.
+      Commit message and changes file by "teor" & "robgjansen".
+  o Minor features (testing, authorities, documentation):
+    - Fix an error in the manual page and comments for
+      TestingDirAuthVoteHSDir[IsStrict], which suggested that a
+      HSDir required "ORPort connectivity". While this is true,
+      it is in no way unique to the HSDir flag. Of all the flags,
+      only HSDirs need a DirPort configured in order for the
+      authorities to assign that particular flag.
+      Fixed as part of 14882. Patch by "teor".
+      Bugfix on 0.2.6.3 (f9d57473e1ff on 10 January 2015).

doc/tor.1.txt

@@ -2335,6 +2335,14 @@ The following options are used for running a testing Tor network.
     has to be set. See the **ExcludeNodes** option for more
     information on how to specify nodes.
 
+[[TestingDirAuthVoteExitIsStrict]] **TestingDirAuthVoteExitIsStrict** **0**|**1** ::
+    If True (1), a node will never receive the Exit flag unless it is specified
+    in the **TestingDirAuthVoteExit** list, regardless of its uptime, bandwidth,
+    or exit policy.
+ +
+    In order for this option to have any effect, **TestingTorNetwork**
+    has to be set.
+
 [[TestingDirAuthVoteGuard]] **TestingDirAuthVoteGuard** __node__,__node__,__...__::
     A list of identity fingerprints and country codes and
     address patterns of nodes to vote Guard for regardless of their
@@ -2344,6 +2352,13 @@ The following options are used for running a testing Tor network.
     In order for this option to have any effect, **TestingTorNetwork**
     has to be set.
 
+[[TestingDirAuthVoteGuardIsStrict]] **TestingDirAuthVoteGuardIsStrict** **0**|**1** ::
+    If True (1), a node will never receive the Guard flag unless it is specified
+    in the **TestingDirAuthVoteGuard** list, regardless of its uptime and bandwidth.
+ +
+    In order for this option to have any effect, **TestingTorNetwork**
+    has to be set.
+
 [[TestingDirAuthVoteHSDir]] **TestingDirAuthVoteHSDir** __node__,__node__,__...__::
     A list of identity fingerprints and country codes and
     address patterns of nodes to vote HSDir for regardless of their
@@ -2353,6 +2368,13 @@ The following options are used for running a testing Tor network.
     In order for this option to have any effect, **TestingTorNetwork**
     and **VoteOnHidServDirectoriesV2** both have to be set.
 
+[[TestingDirAuthVoteHSDirIsStrict]] **TestingDirAuthVoteHSDirIsStrict** **0**|**1** ::
+    If True (1), a node will never receive the HSDir flag unless it is specified
+    in the **TestingDirAuthVoteHSDir** list, regardless of its uptime and DirPort.
+ +
+    In order for this option to have any effect, **TestingTorNetwork**
+    has to be set.
+
 [[TestingEnableConnBwEvent]] **TestingEnableConnBwEvent** **0**|**1**::
     If this option is set, then Tor controllers may register for CONN_BW
     events.  Changing this requires that **TestingTorNetwork** is set.

src/or/config.c

@@ -479,8 +479,11 @@ static config_var_t option_vars_[] = {
   V(TestingMicrodescMaxDownloadTries, UINT, "8"),
   V(TestingCertMaxDownloadTries, UINT, "8"),
   V(TestingDirAuthVoteExit, ROUTERSET, NULL),
+  V(TestingDirAuthVoteExitIsStrict,  BOOL,     "0"),
   V(TestingDirAuthVoteGuard, ROUTERSET, NULL),
+  V(TestingDirAuthVoteGuardIsStrict,  BOOL,     "0"),
   V(TestingDirAuthVoteHSDir, ROUTERSET, NULL),
+  V(TestingDirAuthVoteHSDirIsStrict,  BOOL,     "0"),
   VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),
 
   { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }

src/or/dirserv.c

@@ -2195,16 +2195,22 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
     if (routerset_contains_routerstatus(options->TestingDirAuthVoteExit,
                                         rs, 0)) {
       rs->is_exit = 1;
+    } else if (options->TestingDirAuthVoteExitIsStrict) {
+      rs->is_exit = 0;
     }
 
     if (routerset_contains_routerstatus(options->TestingDirAuthVoteGuard,
                                         rs, 0)) {
       rs->is_possible_guard = 1;
+    } else if (options->TestingDirAuthVoteGuardIsStrict) {
+      rs->is_possible_guard = 0;
     }
 
     if (routerset_contains_routerstatus(options->TestingDirAuthVoteHSDir,
                                         rs, 0)) {
       rs->is_hs_dir = 1;
+    } else if (options->TestingDirAuthVoteHSDirIsStrict) {
+      rs->is_hs_dir = 0;
     }
   }
 }

src/or/or.h

@@ -4094,15 +4094,18 @@ typedef struct {
   /** Relays in a testing network which should be voted Exit
    * regardless of exit policy. */
   routerset_t *TestingDirAuthVoteExit;
+  int TestingDirAuthVoteExitIsStrict;
 
   /** Relays in a testing network which should be voted Guard
    * regardless of uptime and bandwidth. */
   routerset_t *TestingDirAuthVoteGuard;
+  int TestingDirAuthVoteGuardIsStrict;
 
   /** Relays in a testing network which should be voted HSDir
    * regardless of uptime and DirPort.
    * Respects VoteOnHidServDirectoriesV2. */
   routerset_t *TestingDirAuthVoteHSDir;
+  int TestingDirAuthVoteHSDirIsStrict;
 
   /** Enable CONN_BW events.  Only altered on testing networks. */
   int TestingEnableConnBwEvent;