From 09bc858dd54101e645b31bf32fe463b73c38add2 Mon Sep 17 00:00:00 2001 From: David Goulet Date: Tue, 25 Apr 2017 13:49:05 -0400 Subject: [PATCH] config: Remove ExcludeSingleHopRelays option Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans up the code associated with it. Partially fixes #22060 Signed-off-by: David Goulet --- changes/bug22060 | 2 ++ doc/tor.1.txt | 9 --------- src/or/circuitbuild.c | 5 +++-- src/or/config.c | 4 +--- src/or/or.h | 4 ---- src/or/routerlist.c | 14 ++++++-------- 6 files changed, 12 insertions(+), 26 deletions(-) diff --git a/changes/bug22060 b/changes/bug22060 index caf624d314..e112b8970c 100644 --- a/changes/bug22060 +++ b/changes/bug22060 @@ -5,3 +5,5 @@ rendered obsolete. Code has been removed and feature no longer exists. - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been rendered obsolete. Code has been removed and feature no longer exists. + - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been + rendered obsolete. Code has been removed and feature no longer exists. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index e2e48088f4..54d0614d60 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt 
@@ -772,15 +772,6 @@ CLIENT OPTIONS The following options are useful only for clients (that is, if **SocksPort**, **TransPort**, **DNSPort**, or **NATDPort** is non-zero): -[[ExcludeSingleHopRelays]] **ExcludeSingleHopRelays** **0**|**1**:: - This option controls whether circuits built by Tor will include relays with - the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set - to 0, these relays will be included. Note that these relays might be at - higher risk of being seized or observed, so they are not normally - included. Also note that relatively few clients turn off this option, - so using these relays might make your client stand out. - (Default: 1) - [[Bridge]] **Bridge** [__transport__] __IP__:__ORPort__ [__fingerprint__]:: When set along with UseBridges, instructs Tor to use the relay at "IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint" diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index faf2e3dcd9..012229bf86 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1835,8 +1835,9 @@ choose_good_exit_server_general(int need_uptime, int need_capacity) // router->nickname, i); continue; /* skip invalid routers */ } - if (options->ExcludeSingleHopRelays && - node_allows_single_hop_exits(node)) { + /* We do not allow relays that allow single hop exits by default. Option + * was deprecated in 0.2.9.2-alpha and removed in 0.3.1.0-alpha. */ + if (node_allows_single_hop_exits(node)) { n_supported[i] = -1; continue; } diff --git a/src/or/config.c b/src/or/config.c index 9b3570b3e4..a922433906 100644 --- a/src/or/config.c +++ b/src/or/config.c 
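Review bot: The new comment in choose_good_exit_server_general() says relays allowing single hop exits are not allowed "by default", but the check is now unconditional and no setting can turn it off, so the wording points at a knob that no longer exists. It also says "Option" without naming which one. I would write `/* Never pick relays that allow single hop exits. The ExcludeSingleHopRelays option that used to control this was deprecated in 0.2.9.2-alpha and removed in 0.3.1.0-alpha. */`. The comment added in the src/or/routerlist.c hunk has the same "by default" wording and also calls the option obsolete since 0.2.9.2-alpha, where the commit message says deprecated, so both comments should share one accurate text. The function body starts and ends outside the hunk.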
@@ -303,7 +303,7 @@ static config_var_t option_vars_[] = { V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"), V(ExcludeNodes, ROUTERSET, NULL), V(ExcludeExitNodes, ROUTERSET, NULL), - V(ExcludeSingleHopRelays, BOOL, "1"), + OBSOLETE("ExcludeSingleHopRelays"), V(ExitNodes, ROUTERSET, NULL), V(ExitPolicy, LINELIST, NULL), V(ExitPolicyRejectPrivate, BOOL, "1"), @@ -664,8 +664,6 @@ static const config_deprecation_t option_deprecation_notes_[] = { "a wide variety of application-level attacks." }, { "ClientDNSRejectInternalAddresses", "Turning this on makes your client " "easier to fingerprint, and may open you to esoteric attacks." }, - { "ExcludeSingleHopRelays", "Turning it on makes your client easier to " - "fingerprint." }, { "FastFirstHopPK", "Changing this option does not make your client more " "secure, but does make it easier to fingerprint." }, { "CloseHSClientCircuitsImmediatelyOnTimeout", "This option makes your " diff --git a/src/or/or.h b/src/or/or.h index 3670078c47..e221959d6e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4114,10 +4114,6 @@ typedef struct { * if we are a cache). For authorities, this is always true. */ int DownloadExtraInfo; - /** If true, don't allow relays with allow-single-hop-exits to be used in - * circuits that we build. */ - int ExcludeSingleHopRelays; - /** If true, we convert "www.google.com.foo.exit" addresses on the * socks/trans/natd ports into "www.google.com" addresses that * exit from the node "foo". Disabled by default since attacking diff --git a/src/or/routerlist.c b/src/or/routerlist.c index b3b959a291..0332054809 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c 
@@ -2807,14 +2807,12 @@ router_choose_random_node(smartlist_t *excludedsmartlist, rule = weight_for_exit ? WEIGHT_FOR_EXIT : (need_guard ? WEIGHT_FOR_GUARD : WEIGHT_FOR_MID); - /* Exclude relays that allow single hop exit circuits, if the user - * wants to (such relays might be risky) */ - if (get_options()->ExcludeSingleHopRelays) { - SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node, - if (node_allows_single_hop_exits(node)) { - smartlist_add(excludednodes, node); - }); - } + /* Exclude relays that allow single hop exit circuits. This is an obsolete + * option since 0.2.9.2-alpha and done by default in 0.3.1.0-alpha. */ + SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node, + if (node_allows_single_hop_exits(node)) { + smartlist_add(excludednodes, node); + }); if ((r = routerlist_find_my_routerinfo())) routerlist_add_node_and_family(excludednodes, r);
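Review bot: None of the six files in the diffstat is a test, yet the exclusion loop in router_choose_random_node() changes from a configurable default to hard-wired behaviour that path selection now always relies on. A unit test that places a node for which node_allows_single_hop_exits() returns true in the nodelist and asserts it is never chosen would pin this, and the same applies to the filter in choose_good_exit_server_general(). The helper's definition is outside this patch, so it is worth confirming which node data it consults, because both filters are only as complete as that check. The function body starts and ends outside the hunk.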