Merge branch 'ticket20960'

Nick Mathewson 2016-12-13 18:03:43 -05:00
commit 387de08fb4
7 changed files with 7 additions and 31 deletions

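--- a/changes/ticket20960
+++ b/changes/ticket20960
@@ -0,0 +1,5 @@
+o Removed features:
+- The AuthDirMaxServersPerAuthAddr option no longer exists: The same
+limit for relays running on a single IP applies to authority IP
+addresses as well as to non-authority IP addresses. Closes ticket
+20960.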


@ -2246,10 +2246,6 @@ on the public Tor network.
list as acceptable on a single IP address. Set this to "0" for "no limit". list as acceptable on a single IP address. Set this to "0" for "no limit".
(Default: 2) (Default: 2)
[[AuthDirMaxServersPerAuthAddr]] **AuthDirMaxServersPerAuthAddr** __NUM__::
Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies
to addresses shared with directory authorities. (Default: 5)
[[AuthDirFastGuarantee]] **AuthDirFastGuarantee** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**:: [[AuthDirFastGuarantee]] **AuthDirFastGuarantee** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**::
Authoritative directories only. If non-zero, always vote the Authoritative directories only. If non-zero, always vote the
Fast flag for any relay advertising this amount of capacity or Fast flag for any relay advertising this amount of capacity or


@ -218,7 +218,7 @@ static config_var_t option_vars_[] = {
OBSOLETE("AuthDirListBadDirs"), OBSOLETE("AuthDirListBadDirs"),
V(AuthDirListBadExits, BOOL, "0"), V(AuthDirListBadExits, BOOL, "0"),
V(AuthDirMaxServersPerAddr, UINT, "2"), V(AuthDirMaxServersPerAddr, UINT, "2"),
V(AuthDirMaxServersPerAuthAddr,UINT, "5"), OBSOLETE("AuthDirMaxServersPerAuthAddr"),
V(AuthDirHasIPv6Connectivity, BOOL, "0"), V(AuthDirHasIPv6Connectivity, BOOL, "0"),
VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
V(AutomapHostsOnResolve, BOOL, "0"), V(AutomapHostsOnResolve, BOOL, "0"),
@ -594,7 +594,6 @@ static const config_var_t testing_tor_network_defaults[] = {
V(EnforceDistinctSubnets, BOOL, "0"), V(EnforceDistinctSubnets, BOOL, "0"),
V(AssumeReachable, BOOL, "1"), V(AssumeReachable, BOOL, "1"),
V(AuthDirMaxServersPerAddr, UINT, "0"), V(AuthDirMaxServersPerAddr, UINT, "0"),
V(AuthDirMaxServersPerAuthAddr,UINT, "0"),
V(ClientBootstrapConsensusAuthorityDownloadSchedule, CSV_INTERVAL, V(ClientBootstrapConsensusAuthorityDownloadSchedule, CSV_INTERVAL,
"0, 2, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"), "0, 2, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
V(ClientBootstrapConsensusFallbackDownloadSchedule, CSV_INTERVAL, V(ClientBootstrapConsensusFallbackDownloadSchedule, CSV_INTERVAL,


@ -2056,12 +2056,8 @@ get_possible_sybil_list(const smartlist_t *routers)
int addr_count; int addr_count;
/* Allow at most this number of Tor servers on a single IP address, ... */ /* Allow at most this number of Tor servers on a single IP address, ... */
int max_with_same_addr = options->AuthDirMaxServersPerAddr; int max_with_same_addr = options->AuthDirMaxServersPerAddr;
/* ... unless it's a directory authority, in which case allow more. */
int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
if (max_with_same_addr <= 0) if (max_with_same_addr <= 0)
max_with_same_addr = INT_MAX; max_with_same_addr = INT_MAX;
if (max_with_same_addr_on_authority <= 0)
max_with_same_addr_on_authority = INT_MAX;
smartlist_add_all(routers_by_ip, routers); smartlist_add_all(routers_by_ip, routers);
smartlist_sort(routers_by_ip, compare_routerinfo_by_ip_and_bw_); smartlist_sort(routers_by_ip, compare_routerinfo_by_ip_and_bw_);
@ -2074,9 +2070,7 @@ get_possible_sybil_list(const smartlist_t *routers)
last_addr = ri->addr; last_addr = ri->addr;
addr_count = 1; addr_count = 1;
} else if (++addr_count > max_with_same_addr) { } else if (++addr_count > max_with_same_addr) {
if (!router_addr_is_trusted_dir(ri->addr) || digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
addr_count > max_with_same_addr_on_authority)
digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
} }
} SMARTLIST_FOREACH_END(ri); } SMARTLIST_FOREACH_END(ri);
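Review bot: The comment left above `max_with_same_addr` still ends in `, ... */`, which was the lead-in to the removed "... unless it's a directory authority" comment and now trails off into nothing; it should read `/* Allow at most this number of Tor servers on a single IP address. */`. After this change the `else if (++addr_count > max_with_same_addr)` branch adds every surplus relay to `omit_as_sybil` with no exception, so relays sharing an address with a directory authority are held to the same per-address cap as any other relay. A short sentence in the doc comment of get_possible_sybil_list saying the cap is uniform would keep the next reader from looking for the old authority carve-out. The function starts and ends outside these two hunks, so its doc comment is not visible here.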


@ -3969,9 +3969,6 @@ typedef struct {
* and vote for all other exits as good. */ * and vote for all other exits as good. */
int AuthDirMaxServersPerAddr; /**< Do not permit more than this int AuthDirMaxServersPerAddr; /**< Do not permit more than this
* number of servers per IP address. */ * number of servers per IP address. */
int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this
* number of servers per IP address shared
* with an authority. */
int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */ int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */
int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */


@ -2991,20 +2991,6 @@ router_digest_is_trusted_dir_type(const char *digest, dirinfo_type_t type)
return 0; return 0;
} }
/** Return true iff <b>addr</b> is the address of one of our trusted
* directory authorities. */
int
router_addr_is_trusted_dir(uint32_t addr)
{
if (!trusted_dir_servers)
return 0;
SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ent,
if (ent->addr == addr)
return 1;
);
return 0;
}
/** If hexdigest is correctly formed, base16_decode it into /** If hexdigest is correctly formed, base16_decode it into
* digest, which must have DIGEST_LEN space in it. * digest, which must have DIGEST_LEN space in it.
* Return 0 on success, -1 on failure. * Return 0 on success, -1 on failure.


@ -86,7 +86,6 @@ int router_digest_is_trusted_dir_type(const char *digest,
#define router_digest_is_trusted_dir(d) \ #define router_digest_is_trusted_dir(d) \
router_digest_is_trusted_dir_type((d), NO_DIRINFO) router_digest_is_trusted_dir_type((d), NO_DIRINFO)
int router_addr_is_trusted_dir(uint32_t addr);
int hexdigest_to_digest(const char *hexdigest, char *digest); int hexdigest_to_digest(const char *hexdigest, char *digest);
const routerinfo_t *router_get_by_id_digest(const char *digest); const routerinfo_t *router_get_by_id_digest(const char *digest);
routerinfo_t *router_get_mutable_by_digest(const char *digest); routerinfo_t *router_get_mutable_by_digest(const char *digest);