For consistency with the other `ClientCirc` APIs,
`ClientCirc::allow_stream_requests` now takes a `HopNum` argument. Upon
receiving an incoming stream request, the reactor now checks if the
request came from the hop specified in `allow_stream_requests` (and if
it came from a different hop, the circuit is closed).
Part of #1009
The IptEstablisher needs to continuously maintain the IPT even as the
netdir is updated, whereas the IPT manager just wants to select the
relay from the netdir once and then only think about the relay
identity.
So it makes sense for the establisher to do necessary lookups of the
relay's ids in the netdir.
This was introduced in c82cda85d6
tor-basic-utils: DropNotifyWatchSender: use DropNotifyEofSignallable
and already, then, the is_eof() method is redundant.
At the very least, I need FatalError to be distinct:
IptEstablisher::new ought not to fail unless everything is terrible.
Add the Spawn variant to FatalError (that we'll need soon) and the
Bug variant (which it seems likely we might need).
This also gets rid of the crate-level Result alias.
This code has most of what we need to go from an INTRODUCE2 message
we've just received to the point where we've connected to the
rendezvous point and we're waiting for a stream of BEGIN messages.
Unfinished pieces are marked with TODO HSS.
Most of #980.
We want to change the error return types of many methods, so we need a
way to name `std::result::Result`.
We could use `StdResult`, but, actually, properly distinguishing the
kinds of errors that can occur in various contexts means we don't
actually want a single Error type for the whole crate, so
`crate::Result` is going to go away.
This commit deprecates the `EncodeError::always_bug` function with a
`From<EncodeError> for Bug` trait, which is a more semantically correct
way to perform this action.
The IPT manager is going to want to separate the IptEstablisher
struct (which contains the Drop signal) from the watch receiver.
We could add an accessor to clone the watch, but the copy in the
IptEstablisher would be redundant.
This makes new()'s signature a bit funky but it's an internal method
so I think that's fine.
This implements the part of the spec that says a node that has already
been selected for a lower-numbered replica shouldn't be considered
when choosing `spread` nodes for any other higher-numbered replicas.
Note: previously, the test added in this commit wouldn't have passed
(because `NetDir::hs_dirs` used to return duplicate relays under some
circumstances).
Part of #960
This makes `ring_items_at()` take an extra parameter which specifies
whether an item is acceptable or not. The newly added filtering
capabilities will be used to implement the part of the spec that says
that if a node was selected for a replica, then it shouldn't be
considered when choosing `spread` nodes for any other higher-numbered
replicas.
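
The replica rule described in the two commit messages above (the `hs_dirs` change and the `ring_items_at()` filter parameter), as an added Rust example that is not Arti's code. The ring type, the function signatures and the relay names are assumptions constructed for illustration.

```rust
use std::collections::HashSet;

// Toy hash ring: (position, relay id) pairs sorted by position.
// Constructed sample data; not Arti's real types or signatures.
type Ring = Vec<(u64, &'static str)>;

fn sample_ring() -> Ring {
    vec![(10, "A"), (20, "B"), (30, "C"), (40, "D"), (50, "E")]
}

// Up to `n` items at or after `pos`, wrapping around the ring and
// skipping every item that `accept` rejects.
fn ring_items_at<F>(ring: &Ring, pos: u64, n: usize, mut accept: F) -> Vec<&'static str>
where
    F: FnMut(&'static str) -> bool,
{
    let start = ring.partition_point(|(p, _)| *p < pos);
    ring.iter()
        .cycle()
        .skip(start)
        .take(ring.len()) // visit each item at most once
        .map(|(_, id)| *id)
        .filter(|id| accept(*id))
        .take(n)
        .collect()
}

// Choose `spread` relays per replica, in replica order. A relay already
// chosen for a lower-numbered replica is rejected for later ones.
fn hs_dirs(ring: &Ring, replica_pos: &[u64], spread: usize) -> Vec<Vec<&'static str>> {
    let mut taken: HashSet<&'static str> = HashSet::new();
    let mut out = Vec::new();
    for &pos in replica_pos {
        let picked = ring_items_at(ring, pos, spread, |id| !taken.contains(id));
        taken.extend(picked.iter().copied());
        out.push(picked);
    }
    out
}

fn main() {
    let ring = sample_ring();
    // Unfiltered, replica 2 (position 25) would start at "C" again.
    println!("{:?}", ring_items_at(&ring, 25, 2, |_| true));
    println!("{:?}", hs_dirs(&ring, &[15, 25], 2));
}
```
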
Previously, the `Requestable` trait assumed the body of the request
would always be empty (`http::Request<()>`). This change replaces the
hardcoded `()` body type with the `Requestable::Body` associated type
(which will allow implementors to create requests with non-empty
bodies). This will enable us to reuse the `Requestable` trait for
building `POST` requests for uploading descriptors.
`download()` is actually a general-purpose function for sending HTTP
requests on a stream. We will soon repurpose it for `POST`-ing
descriptors, so let's rename it to `send_request`.