mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
Merge branch 'ticket20960'
This commit is contained in:
commit
387de08fb4
5
changes/ticket20960
Normal file
5
changes/ticket20960
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
o Removed features:
|
||||||
|
- The AuthDirMaxServersPerAuthAddr option no longer exists: The same
|
||||||
|
limit for relays running on a single IP applies to authority IP
|
||||||
|
addresses as well as to non-authority IP addresses. Closes ticket
|
||||||
|
20960.
|
@ -2246,10 +2246,6 @@ on the public Tor network.
|
|||||||
list as acceptable on a single IP address. Set this to "0" for "no limit".
|
list as acceptable on a single IP address. Set this to "0" for "no limit".
|
||||||
(Default: 2)
|
(Default: 2)
|
||||||
|
|
||||||
[[AuthDirMaxServersPerAuthAddr]] **AuthDirMaxServersPerAuthAddr** __NUM__::
|
|
||||||
Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies
|
|
||||||
to addresses shared with directory authorities. (Default: 5)
|
|
||||||
|
|
||||||
[[AuthDirFastGuarantee]] **AuthDirFastGuarantee** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**::
|
[[AuthDirFastGuarantee]] **AuthDirFastGuarantee** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**::
|
||||||
Authoritative directories only. If non-zero, always vote the
|
Authoritative directories only. If non-zero, always vote the
|
||||||
Fast flag for any relay advertising this amount of capacity or
|
Fast flag for any relay advertising this amount of capacity or
|
||||||
|
@ -218,7 +218,7 @@ static config_var_t option_vars_[] = {
|
|||||||
OBSOLETE("AuthDirListBadDirs"),
|
OBSOLETE("AuthDirListBadDirs"),
|
||||||
V(AuthDirListBadExits, BOOL, "0"),
|
V(AuthDirListBadExits, BOOL, "0"),
|
||||||
V(AuthDirMaxServersPerAddr, UINT, "2"),
|
V(AuthDirMaxServersPerAddr, UINT, "2"),
|
||||||
V(AuthDirMaxServersPerAuthAddr,UINT, "5"),
|
OBSOLETE("AuthDirMaxServersPerAuthAddr"),
|
||||||
V(AuthDirHasIPv6Connectivity, BOOL, "0"),
|
V(AuthDirHasIPv6Connectivity, BOOL, "0"),
|
||||||
VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
|
VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
|
||||||
V(AutomapHostsOnResolve, BOOL, "0"),
|
V(AutomapHostsOnResolve, BOOL, "0"),
|
||||||
@ -594,7 +594,6 @@ static const config_var_t testing_tor_network_defaults[] = {
|
|||||||
V(EnforceDistinctSubnets, BOOL, "0"),
|
V(EnforceDistinctSubnets, BOOL, "0"),
|
||||||
V(AssumeReachable, BOOL, "1"),
|
V(AssumeReachable, BOOL, "1"),
|
||||||
V(AuthDirMaxServersPerAddr, UINT, "0"),
|
V(AuthDirMaxServersPerAddr, UINT, "0"),
|
||||||
V(AuthDirMaxServersPerAuthAddr,UINT, "0"),
|
|
||||||
V(ClientBootstrapConsensusAuthorityDownloadSchedule, CSV_INTERVAL,
|
V(ClientBootstrapConsensusAuthorityDownloadSchedule, CSV_INTERVAL,
|
||||||
"0, 2, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
|
"0, 2, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
|
||||||
V(ClientBootstrapConsensusFallbackDownloadSchedule, CSV_INTERVAL,
|
V(ClientBootstrapConsensusFallbackDownloadSchedule, CSV_INTERVAL,
|
||||||
|
@ -2056,12 +2056,8 @@ get_possible_sybil_list(const smartlist_t *routers)
|
|||||||
int addr_count;
|
int addr_count;
|
||||||
/* Allow at most this number of Tor servers on a single IP address, ... */
|
/* Allow at most this number of Tor servers on a single IP address, ... */
|
||||||
int max_with_same_addr = options->AuthDirMaxServersPerAddr;
|
int max_with_same_addr = options->AuthDirMaxServersPerAddr;
|
||||||
/* ... unless it's a directory authority, in which case allow more. */
|
|
||||||
int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
|
|
||||||
if (max_with_same_addr <= 0)
|
if (max_with_same_addr <= 0)
|
||||||
max_with_same_addr = INT_MAX;
|
max_with_same_addr = INT_MAX;
|
||||||
if (max_with_same_addr_on_authority <= 0)
|
|
||||||
max_with_same_addr_on_authority = INT_MAX;
|
|
||||||
|
|
||||||
smartlist_add_all(routers_by_ip, routers);
|
smartlist_add_all(routers_by_ip, routers);
|
||||||
smartlist_sort(routers_by_ip, compare_routerinfo_by_ip_and_bw_);
|
smartlist_sort(routers_by_ip, compare_routerinfo_by_ip_and_bw_);
|
||||||
@ -2074,8 +2070,6 @@ get_possible_sybil_list(const smartlist_t *routers)
|
|||||||
last_addr = ri->addr;
|
last_addr = ri->addr;
|
||||||
addr_count = 1;
|
addr_count = 1;
|
||||||
} else if (++addr_count > max_with_same_addr) {
|
} else if (++addr_count > max_with_same_addr) {
|
||||||
if (!router_addr_is_trusted_dir(ri->addr) ||
|
|
||||||
addr_count > max_with_same_addr_on_authority)
|
|
||||||
digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
|
digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
|
||||||
}
|
}
|
||||||
} SMARTLIST_FOREACH_END(ri);
|
} SMARTLIST_FOREACH_END(ri);
|
||||||
|
@ -3969,9 +3969,6 @@ typedef struct {
|
|||||||
* and vote for all other exits as good. */
|
* and vote for all other exits as good. */
|
||||||
int AuthDirMaxServersPerAddr; /**< Do not permit more than this
|
int AuthDirMaxServersPerAddr; /**< Do not permit more than this
|
||||||
* number of servers per IP address. */
|
* number of servers per IP address. */
|
||||||
int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this
|
|
||||||
* number of servers per IP address shared
|
|
||||||
* with an authority. */
|
|
||||||
int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */
|
int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */
|
||||||
int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
|
int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
|
||||||
|
|
||||||
|
@ -2991,20 +2991,6 @@ router_digest_is_trusted_dir_type(const char *digest, dirinfo_type_t type)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Return true iff <b>addr</b> is the address of one of our trusted
|
|
||||||
* directory authorities. */
|
|
||||||
int
|
|
||||||
router_addr_is_trusted_dir(uint32_t addr)
|
|
||||||
{
|
|
||||||
if (!trusted_dir_servers)
|
|
||||||
return 0;
|
|
||||||
SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ent,
|
|
||||||
if (ent->addr == addr)
|
|
||||||
return 1;
|
|
||||||
);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/** If hexdigest is correctly formed, base16_decode it into
|
/** If hexdigest is correctly formed, base16_decode it into
|
||||||
* digest, which must have DIGEST_LEN space in it.
|
* digest, which must have DIGEST_LEN space in it.
|
||||||
* Return 0 on success, -1 on failure.
|
* Return 0 on success, -1 on failure.
|
||||||
|
@ -86,7 +86,6 @@ int router_digest_is_trusted_dir_type(const char *digest,
|
|||||||
#define router_digest_is_trusted_dir(d) \
|
#define router_digest_is_trusted_dir(d) \
|
||||||
router_digest_is_trusted_dir_type((d), NO_DIRINFO)
|
router_digest_is_trusted_dir_type((d), NO_DIRINFO)
|
||||||
|
|
||||||
int router_addr_is_trusted_dir(uint32_t addr);
|
|
||||||
int hexdigest_to_digest(const char *hexdigest, char *digest);
|
int hexdigest_to_digest(const char *hexdigest, char *digest);
|
||||||
const routerinfo_t *router_get_by_id_digest(const char *digest);
|
const routerinfo_t *router_get_by_id_digest(const char *digest);
|
||||||
routerinfo_t *router_get_mutable_by_digest(const char *digest);
|
routerinfo_t *router_get_mutable_by_digest(const char *digest);
|
||||||
|
Loading…
Reference in New Issue
Block a user